Malware Analysis Report

2024-12-07 16:49

Sample ID 241113-l91r3atjdn
Target Screenshot Nov 7 2024 from Remove.bg (1).png
SHA256 90290a4cb229cad7589e62160200711502288439c68fb721ce5deefa969876fd
Tags
defense_evasion discovery execution phishing
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

90290a4cb229cad7589e62160200711502288439c68fb721ce5deefa969876fd

Threat Level: Likely malicious

The file Screenshot Nov 7 2024 from Remove.bg (1).png was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery execution phishing

Blocklisted process makes network request

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

Loads dropped DLL

A potential corporate email address has been identified in the URL: =@L

Executes dropped EXE

Command and Scripting Interpreter: PowerShell

Obfuscated Files or Information: Command Obfuscation

Enumerates processes with tasklist

Drops file in Program Files directory

Launches sc.exe

Drops file in Windows directory

Browser Information Discovery

System Network Configuration Discovery: Internet Connection Discovery

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies registry class

Uses Task Scheduler COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Runs ping.exe

Suspicious use of FindShellTrayWindow

Modifies registry key

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 10:14

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 10:14

Reported

2024-11-13 10:41

Platform

win11-20241007-en

Max time kernel

1371s

Max time network

1160s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot Nov 7 2024 from Remove.bg (1).png"

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

A potential corporate email address has been identified in the URL: =@L

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A

Obfuscated Files or Information: Command Obfuscation

defense_evasion

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\System32\tasklist.exe N/A
N/A N/A C:\Windows\System32\tasklist.exe N/A
N/A N/A C:\Windows\System32\tasklist.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\vfs\System\sppcs.dll C:\Windows\System32\cmd.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\System\sppc.dll C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\System32\Dism.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\System32\Dism.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\SystemTemp\temC005.tmp C:\Windows\system32\Clipup.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\metadata C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\settings.dat C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\System32\cmd.exe N/A
N/A N/A C:\Windows\System32\PING.EXE N/A
N/A N/A C:\Windows\System32\cmd.exe N/A
N/A N/A C:\Windows\System32\PING.EXE N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\System32\clipup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\Clipup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\Clipup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\system32\Clipup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\System32\clipup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\System32\clipup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\System32\clipup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\Clipup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\Clipup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\Clipup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\System32\clipup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\System32\clipup.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies\0ff1ce15-a989-479d-af46-f275c6370663\85dd8b5f-eaa4-4af3-a628-cce9e77c9a03 C:\Windows\System32\reg.exe N/A
Key deleted \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies\0ff1ce15-a989-479d-af46-f275c6370663 C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\DEFTEMP-12688\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\DEFTEMP-12688\Software\Microsoft\Office C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\DEFTEMP-12688\Software\Microsoft\Office\16.0\Common\Licensing C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133759665667906092" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\DEFTEMP-12688\Software\Microsoft C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\DEFTEMP-12688\Software\Microsoft\Office\16.0\Common C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\DEFTEMP-12688 C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\DEFTEMP-12688\Software\Microsoft\Office\16.0 C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\DEFTEMP-12688\Software C:\Windows\System32\reg.exe N/A
Set value (str) \REGISTRY\USER\DEFTEMP-12688\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency\TimeOfLastHeartbeatFailure = "2040-01-01T00:00:00Z" C:\Windows\System32\reg.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2584844841-1405471295-1760131749-1000\{02E0206E-8EA0-4F90-9ADB-319596EB4301} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\MuiCache C:\Windows\system32\BackgroundTransferHost.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\PING.EXE N/A
N/A N/A C:\Windows\System32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1424 wrote to memory of 2424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 2424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1424 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot Nov 7 2024 from Remove.bg (1).png"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4e4acc40,0x7ffb4e4acc4c,0x7ffb4e4acc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1780 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4448,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4384 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4656,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4652 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4612,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4872,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4580,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4400 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4648 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5212,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:8

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c ""C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd" "

C:\Windows\System32\sc.exe

sc query Null

C:\Windows\System32\find.exe

find /i "RUNNING"

C:\Windows\System32\findstr.exe

findstr /v "$" "MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c ver

C:\Windows\System32\reg.exe

reg query "HKCU\Console" /v ForceV2

C:\Windows\System32\find.exe

find /i "0x0"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "AMD64 " "

C:\Windows\System32\find.exe

find /i "ARM64"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c echo prompt $E | cmd

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo prompt $E "

C:\Windows\System32\cmd.exe

cmd

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd" "

C:\Windows\System32\find.exe

find /i "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\System32\cmd.exe

cmd /c "powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':PowerShellTest:\s*';iex ($f[1])""

C:\Windows\System32\find.exe

find /i "FullLanguage"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':PowerShellTest:\s*';iex ($f[1])"

C:\Windows\System32\fltMC.exe

fltmc

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$TB = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); [void]$TB.DefinePInvokeMethod('GetConsoleWindow', 'kernel32.dll', 22, 1, [IntPtr], @(), 1, 3).SetImplementationFlags(128); [void]$TB.DefinePInvokeMethod('SendMessageW', 'user32.dll', 22, 1, [IntPtr], @([IntPtr], [UInt32], [IntPtr], [IntPtr]), 1, 3).SetImplementationFlags(128); $hIcon = $TB.CreateType(); $hWnd = $hIcon::GetConsoleWindow(); echo $($hIcon::SendMessageW($hWnd, 127, 0, 0) -ne [IntPtr]::Zero);"

C:\Windows\System32\find.exe

find /i "True"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$t=[AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); $t.DefinePInvokeMethod('GetStdHandle', 'kernel32.dll', 22, 1, [IntPtr], @([Int32]), 1, 3).SetImplementationFlags(128); $t.DefinePInvokeMethod('SetConsoleMode', 'kernel32.dll', 22, 1, [Boolean], @([IntPtr], [Int32]), 1, 3).SetImplementationFlags(128); $k=$t.CreateType(); $b=$k::SetConsoleMode($k::GetStdHandle(-10), 0x0080); & cmd.exe '/c' '"""C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd""" -el -qedit'"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd" -el -qedit"

C:\Windows\System32\sc.exe

sc query Null

C:\Windows\System32\find.exe

find /i "RUNNING"

C:\Windows\System32\findstr.exe

findstr /v "$" "MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "-el -qedit" "

C:\Windows\System32\find.exe

find /i "/"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c ver

C:\Windows\System32\reg.exe

reg query "HKCU\Console" /v ForceV2

C:\Windows\System32\find.exe

find /i "0x0"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "AMD64 " "

C:\Windows\System32\find.exe

find /i "ARM64"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c echo prompt $E | cmd

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo prompt $E "

C:\Windows\System32\cmd.exe

cmd

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd" "

C:\Windows\System32\find.exe

find /i "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\System32\cmd.exe

cmd /c "powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':PowerShellTest:\s*';iex ($f[1])""

C:\Windows\System32\find.exe

find /i "FullLanguage"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':PowerShellTest:\s*';iex ($f[1])"

C:\Windows\System32\fltMC.exe

fltmc

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$TB = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); [void]$TB.DefinePInvokeMethod('GetConsoleWindow', 'kernel32.dll', 22, 1, [IntPtr], @(), 1, 3).SetImplementationFlags(128); [void]$TB.DefinePInvokeMethod('SendMessageW', 'user32.dll', 22, 1, [IntPtr], @([IntPtr], [UInt32], [IntPtr], [IntPtr]), 1, 3).SetImplementationFlags(128); $hIcon = $TB.CreateType(); $hWnd = $hIcon::GetConsoleWindow(); echo $($hIcon::SendMessageW($hWnd, 127, 0, 0) -ne [IntPtr]::Zero);"

C:\Windows\System32\find.exe

find /i "True"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c ping -4 -n 1 updatecheck.massgrave.dev

C:\Windows\System32\PING.EXE

ping -4 -n 1 updatecheck.massgrave.dev

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "127.69.2.8" "

C:\Windows\System32\find.exe

find "127.69"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "127.69.2.8" "

C:\Windows\System32\find.exe

find "127.69.2.8"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "-el -qedit" "

C:\Windows\System32\find.exe

find /i "/S"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "-el -qedit" "

C:\Windows\System32\find.exe

find /i "/"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop

C:\Windows\System32\reg.exe

reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop

C:\Windows\System32\mode.com

mode 76, 33

C:\Windows\System32\choice.exe

choice /C:123456789H0 /N

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5368,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2252 /prefetch:8

C:\Windows\System32\mode.com

mode 110, 34

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s

C:\Windows\System32\find.exe

find /i "AutoPico"

C:\Windows\System32\find.exe

find /i "avira.com" C:\Windows\System32\drivers\etc\hosts

C:\Windows\System32\find.exe

find /i "kaspersky.com" C:\Windows\System32\drivers\etc\hosts

C:\Windows\System32\find.exe

find /i "virustotal.com" C:\Windows\System32\drivers\etc\hosts

C:\Windows\System32\find.exe

find /i "mcafee.com" C:\Windows\System32\drivers\etc\hosts

C:\Windows\System32\sc.exe

sc start sppsvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "1056" "

C:\Windows\System32\findstr.exe

findstr "577 225"

C:\Windows\System32\cmd.exe

cmd /c "wmic path Win32_ComputerSystem get CreationClassName /value"

C:\Windows\System32\find.exe

find /i "computersystem"

C:\Windows\System32\Wbem\WMIC.exe

wmic path Win32_ComputerSystem get CreationClassName /value

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); [void]$TypeBuilder.DefinePInvokeMethod('SLGetWindowsInformationDWORD', 'slc.dll', 'Public, Static', 1, [int], @([String], [int].MakeByRefType()), 1, 3); $Sku = 0; [void]$TypeBuilder.CreateType()::SLGetWindowsInformationDWORD('Kernel-BrandingInfo', [ref]$Sku); $Sku"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); [void]$TypeBuilder.DefinePInvokeMethod('SLGetWindowsInformationDWORD', 'slc.dll', 'Public, Static', 1, [int], @([String], [int].MakeByRefType()), 1, 3); $Sku = 0; [void]$TypeBuilder.CreateType()::SLGetWindowsInformationDWORD('Kernel-BrandingInfo', [ref]$Sku); $Sku

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions" /v OSProductPfn 2>nul

C:\Windows\System32\reg.exe

reg query "HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions" /v OSProductPfn

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "wmic Path Win32_OperatingSystem Get OperatingSystemSKU /format:LIST" 2>nul

C:\Windows\System32\Wbem\WMIC.exe

wmic Path Win32_OperatingSystem Get OperatingSystemSKU /format:LIST

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':winsubstatus\:.*';iex ($f[1])"

C:\Windows\System32\find.exe

find /i "Subscription_is_activated"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "Windows 11 Pro" "

C:\Windows\System32\find.exe

find /i "Windows"

C:\Windows\System32\sc.exe

sc start sppsvc

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$job = Start-Job { (Get-WmiObject -Query 'SELECT * FROM SoftwareLicensingService').Version }; if (-not (Wait-Job $job -Timeout 30)) {write-host 'sppsvc is not working correctly. Help - https://massgrave.dev/troubleshoot'}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\System32\Wbem\WMIC.exe

wmic path SoftwareLicensingProduct where (LicenseStatus='1' and GracePeriodRemaining='0' and PartialProductKey is not NULL AND LicenseDependsOn is NULL) get Name /value

C:\Windows\System32\findstr.exe

findstr /i "Windows"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE

C:\Windows\System32\reg.exe

reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c ver

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c ping -n 1 l.root-servers.net

C:\Windows\System32\PING.EXE

ping -n 1 l.root-servers.net

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s

C:\Windows\System32\find.exe

find /i "AutoPico"

C:\Windows\System32\find.exe

find /i "avira.com" C:\Windows\System32\drivers\etc\hosts

C:\Windows\System32\find.exe

find /i "kaspersky.com" C:\Windows\System32\drivers\etc\hosts

C:\Windows\System32\find.exe

find /i "virustotal.com" C:\Windows\System32\drivers\etc\hosts

C:\Windows\System32\find.exe

find /i "mcafee.com" C:\Windows\System32\drivers\etc\hosts

C:\Windows\System32\sc.exe

sc start sppsvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "1056" "

C:\Windows\System32\findstr.exe

findstr "577 225"

C:\Windows\System32\sc.exe

sc query Null

C:\Windows\System32\sc.exe

sc start ClipSVC

C:\Windows\System32\sc.exe

sc query ClipSVC

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v DependOnService

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v Description

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v DisplayName

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v ErrorControl

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v ImagePath

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v ObjectName

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v Start

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v Type

C:\Windows\System32\sc.exe

sc start wlidsvc

C:\Windows\System32\sc.exe

sc query wlidsvc

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v DependOnService

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v Description

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v DisplayName

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v ErrorControl

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v ImagePath

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v ObjectName

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v Start

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v Type

C:\Windows\System32\sc.exe

sc start sppsvc

C:\Windows\System32\sc.exe

sc query sppsvc

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v DependOnService

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Description

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v DisplayName

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ErrorControl

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ImagePath

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ObjectName

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Start

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Type

C:\Windows\System32\sc.exe

sc start KeyIso

C:\Windows\System32\sc.exe

sc query KeyIso

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v DependOnService

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v Description

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v DisplayName

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v ErrorControl

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v ImagePath

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v ObjectName

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v Start

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v Type

C:\Windows\System32\sc.exe

sc start LicenseManager

C:\Windows\System32\sc.exe

sc query LicenseManager

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v DependOnService

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v Description

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v DisplayName

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v ErrorControl

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v ImagePath

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v ObjectName

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v Start

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v Type

C:\Windows\System32\sc.exe

sc start Winmgmt

C:\Windows\System32\sc.exe

sc query Winmgmt

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v DependOnService

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Description

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v DisplayName

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ErrorControl

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ImagePath

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ObjectName

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Start

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Type

C:\Windows\System32\sc.exe

sc start ClipSVC

C:\Windows\System32\sc.exe

sc start wlidsvc

C:\Windows\System32\sc.exe

sc start sppsvc

C:\Windows\System32\sc.exe

sc start KeyIso

C:\Windows\System32\sc.exe

sc start LicenseManager

C:\Windows\System32\sc.exe

sc start Winmgmt

C:\Windows\System32\sc.exe

sc query ClipSVC

C:\Windows\System32\find.exe

find /i "RUNNING"

C:\Windows\System32\sc.exe

sc start ClipSVC

C:\Windows\System32\sc.exe

sc query wlidsvc

C:\Windows\System32\find.exe

find /i "RUNNING"

C:\Windows\System32\sc.exe

sc start wlidsvc

C:\Windows\System32\sc.exe

sc query sppsvc

C:\Windows\System32\find.exe

find /i "RUNNING"

C:\Windows\System32\sc.exe

sc start sppsvc

C:\Windows\System32\sc.exe

sc query KeyIso

C:\Windows\System32\find.exe

find /i "RUNNING"

C:\Windows\System32\sc.exe

sc start KeyIso

C:\Windows\System32\sc.exe

sc query LicenseManager

C:\Windows\System32\find.exe

find /i "RUNNING"

C:\Windows\System32\sc.exe

sc start LicenseManager

C:\Windows\System32\sc.exe

sc query Winmgmt

C:\Windows\System32\find.exe

find /i "RUNNING"

C:\Windows\System32\sc.exe

sc start Winmgmt

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State" /v ImageState

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State" /v ImageState

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinPE" /v InstRoot

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':wpatest\:.*';iex ($f[1])" 2>nul

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':wpatest\:.*';iex ($f[1])"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "11" "

C:\Windows\System32\find.exe

find /i "Error Found"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE" 2>nul

C:\Windows\System32\Wbem\WMIC.exe

wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "try { $null=([WMISEARCHER]'SELECT * FROM SoftwareLicensingService').Get().Version; exit 0 } catch { exit $_.Exception.InnerException.HResult }"

C:\Windows\System32\cmd.exe

cmd /c exit /b 0

C:\Windows\System32\Wbem\WMIC.exe

wmic path Win32_ComputerSystem get CreationClassName /value

C:\Windows\System32\find.exe

find /i "computersystem"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "0" "

C:\Windows\System32\findstr.exe

findstr /i "0x800410 0x800440 0x80131501"

C:\Windows\System32\reg.exe

reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\PersistedTSReArmed"

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState"

C:\Windows\System32\reg.exe

reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion"

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe"

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sppsvc.exe"

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sppsvc.exe\PerfOptions"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "SkipRearm" 2>nul

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "SkipRearm"

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Plugins\Objects\msft:rm/algorithm/hwid/4.0" /f ba02fed39662 /d

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v TokenStore 2>nul

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v TokenStore

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and PartialProductKey is not null) get ID /VALUE" 2>nul

C:\Windows\System32\Wbem\WMIC.exe

wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and PartialProductKey is not null) get ID /VALUE

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powershell.exe "(Get-ScheduledTask -TaskName 'SvcRestartTask' -TaskPath '\Microsoft\Windows\SoftwareProtectionPlatform\').State" 2>nul

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "(Get-ScheduledTask -TaskName 'SvcRestartTask' -TaskPath '\Microsoft\Windows\SoftwareProtectionPlatform\').State"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "

C:\Windows\System32\find.exe

find /i "Ready"

C:\Windows\System32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "actionlist" /f

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$acl = (Get-Acl 'C:\Windows\System32\spp\store\2.0' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow FullControl') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$acl = (Get-Acl 'HKLM:\SYSTEM\WPA' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow QueryValues, EnumerateSubKeys, WriteKey') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$acl = (Get-Acl 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow SetValue') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"

C:\Windows\System32\reg.exe

reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion"

C:\Windows\System32\reg.exe

reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$netServ = (New-Object Security.Principal.SecurityIdentifier('S-1-5-20')).Translate([Security.Principal.NTAccount]).Value; $aclString = Get-Acl 'Registry::HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies' | Format-List | Out-String; if (-not ($aclString.Contains($netServ + ' Allow FullControl') -or $aclString.Contains('NT SERVICE\sppsvc Allow FullControl')) -or ($aclString.Contains('Deny'))) {Exit 3}"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f') get ID /VALUE" 2>nul

C:\Windows\System32\Wbem\WMIC.exe

wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f') get ID /VALUE

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "040fa323-92b1-4baf-97a2-5b67feaefddb 0724cb7d-3437-4cb7-93cb-830375d0079d 0ad2ac98-7bb9-4201-8d92-312299201369 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5 221a02da-e2a1-4b75-864c-0a4410a33fdf 291ece0e-9c38-40ca-a9e1-32cc7ec19507 2936d1d2-913a-4542-b54e-ce5a602a2a38 2c293c26-a45a-4a2a-a350-c69a67097529 2de67392-b7a7-462a-b1ca-108dd189f588 2ffd8952-423e-4903-b993-72a1aa44cf82 30a42c86-b7a0-4a34-8c90-ff177cb2acb7 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf 3502365a-f88a-4ba4-822a-5769d3073b65 377333b1-8b5d-48d6-9679-1225c872d37c 3df374ef-d444-4494-a5a1-4b0d9fd0e203 3f1afc82-f8ac-4f6c-8005-1d233e606eee 49cd895b-53b2-4dc4-a5f7-b18aa019ad37 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c 4f3da0d2-271d-4508-ae81-626b60809a38 5d78c4e9-aeb3-4b40-8ac2-6a6005e0ad6d 60b3ec1b-9545-4921-821f-311b129dd6f6 613d217f-7f13-4268-9907-1662339531cd 62f0c100-9c53-4e02-b886-a3528ddfe7f6 6365275e-368d-46ca-a0ef-fc0404119333 721f9237-9341-4453-a661-09e8baa6cca5 73111121-5638-40f6-bc11-f1d7b0d64300 7a802526-4c94-4bd1-ba14-835a1aca2120 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69 82bbc092-bc50-4e16-8e18-b74fc486aec3 8ab9bdd1-1f67-4997-82d9-8878520837d9 8b351c9c-f398-4515-9900-09df49427262 90da7373-1c51-430b-bf26-c97e9c5cdc31 92fb8726-92a8-4ffc-94ce-f82e07444653 95dca82f-385d-4d39-b85b-5c73fa285d6f a48938aa-62fa-4966-9d44-9f04da3f72f2 b0773a15-df3a-4312-9ad2-83d69648e356 b4bfe195-541e-4e64-ad23-6177f19e395e b68e61d2-68ca-4757-be45-0cc2f3e68eee bd3762d7-270d-4760-8fb3-d829ca45278a c86d5194-4840-4dae-9c1c-0301003a5ab0 ca7df2e3-5ea0-47b8-9ac1-b1be4d8edd69 d552befb-48cc-4327-8f39-47d2d94f987c d6eadb3b-5ca8-4a6b-986e-35b550756111 df96023b-dcd9-4be2-afa0-c6c871159ebe e0c42288-980c-4788-a014-c080d2e1926e e4db50ea-bda1-4566-b047-0ca50abc6f07 e558417a-5123-4f6f-91e7-385c1c7ca9d4 e7a950a2-e548-4f10-bf16-02ec848e0643 eb6d346f-1c60-4643-b960-40ec31596c45 ec868e65-fadf-4759-b23e-93fe37f2cc29 ef51e000-2659-4f25-8345-3de70a9cf4c4 f7af7d09-40e4-419c-a49b-eae366689ebd fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab fe74f55b-0338-41d6-b267-4a201abe7285 " "

C:\Windows\System32\find.exe

find /i "4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c"

C:\Windows\System32\Wbem\WMIC.exe

wmic path SoftwareLicensingService where __CLASS='SoftwareLicensingService' call InstallProductKey ProductKey="VK7JG-NPHTM-C97JM-9MPGT-3V66T"

C:\Windows\System32\cmd.exe

cmd /c exit /b 0

C:\Windows\System32\Wbem\WMIC.exe

wmic path SoftwareLicensingService where __CLASS='SoftwareLicensingService' call RefreshLicenseStatus

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c reg query "HKCU\Control Panel\International\Geo" /v Name 2>nul

C:\Windows\System32\reg.exe

reg query "HKCU\Control Panel\International\Geo" /v Name

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c reg query "HKCU\Control Panel\International\Geo" /v Nation 2>nul

C:\Windows\System32\reg.exe

reg query "HKCU\Control Panel\International\Geo" /v Nation

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powershell.exe [convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes("""OSMajorVersion=5;OSMinorVersion=1;OSPlatformId=2;PP=0;Pfn=Microsoft.Windows.48.X19-98841_8wekyb3d8bbwe;PKeyIID=465145217131314304264339481117862266242033457260311819664735280;$([char]0)"""))

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe [convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes("""OSMajorVersion=5;OSMinorVersion=1;OSPlatformId=2;PP=0;Pfn=Microsoft.Windows.48.X19-98841_8wekyb3d8bbwe;PKeyIID=465145217131314304264339481117862266242033457260311819664735280;$([char]0)"""))

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "TwBTAE0AYQBqAG8AcgBWAGUAcgBzAGkAbwBuAD0ANQA7AE8AUwBNAGkAbgBvAHIAVgBlAHIAcwBpAG8AbgA9ADEAOwBPAFMAUABsAGEAdABmAG8AcgBtAEkAZAA9ADIAOwBQAFAAPQAwADsAUABmAG4APQBNAGkAYwByAG8AcwBvAGYAdAAuAFcAaQBuAGQAbwB3AHMALgA0ADgALgBYADEAOQAtADkAOAA4ADQAMQBfADgAdwBlAGsAeQBiADMAZAA4AGIAYgB3AGUAOwBQAEsAZQB5AEkASQBEAD0ANAA2ADUAMQA0ADUAMgAxADcAMQAzADEAMwAxADQAMwAwADQAMgA2ADQAMwAzADkANAA4ADEAMQAxADcAOAA2ADIAMgA2ADYAMgA0ADIAMAAzADMANAA1ADcAMgA2ADAAMwAxADEAOAAxADkANgA2ADQANwAzADUAMgA4ADAAOwAAAA==" "

C:\Windows\System32\find.exe

find "AAAA"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "Start-Job { Restart-Service ClipSVC } | Wait-Job -Timeout 20 | Out-Null"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\system32\Clipup.exe

"C:\Windows\system32\Clipup.exe" -o

C:\Windows\system32\Clipup.exe

"C:\Windows\system32\Clipup.exe" -o -ppl C:\Windows\SystemTemp\temC005.tmp

C:\Windows\System32\ClipUp.exe

clipup -v -o

C:\Windows\System32\clipup.exe

clipup -v -o -ppl C:\Users\Admin\AppData\Local\Temp\temC758.tmp

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "Windows 11 Pro" "

C:\Windows\System32\find.exe

find /i "Windows"

C:\Windows\System32\Wbem\WMIC.exe

wmic path SoftwareLicensingProduct where "ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND PartialProductKey IS NOT NULL AND LicenseDependsOn is NULL" call Activate

C:\Windows\System32\cmd.exe

cmd /c exit /b 0

C:\Windows\System32\Wbem\WMIC.exe

wmic path SoftwareLicensingProduct where (LicenseStatus='1' and GracePeriodRemaining='0' and PartialProductKey is not NULL AND LicenseDependsOn is NULL) get Name /value

C:\Windows\System32\findstr.exe

findstr /i "Windows"

C:\Windows\System32\reg.exe

reg delete "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\PersistedSystemState" /v "State" /f

C:\Windows\System32\reg.exe

reg delete "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\PersistedSystemState" /v "SuppressRulesEngine" /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "Start-Job { Stop-Service sppsvc -force } | Wait-Job -Timeout 20 | Out-Null; $TB = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); [void]$TB.DefinePInvokeMethod('SLpTriggerServiceWorker', 'sppc.dll', 22, 1, [Int32], @([UInt32], [IntPtr], [String], [UInt32]), 1, 3); [void]$TB.CreateType()::SLpTriggerServiceWorker(0, 0, 'reeval', 0)"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\System32\mode.com

mode 76, 33

C:\Windows\System32\choice.exe

choice /C:123456789H0 /N

C:\Windows\System32\mode.com

mode 98, 30

C:\Windows\System32\cmd.exe

cmd /c "wmic path Win32_ComputerSystem get CreationClassName /value"

C:\Windows\System32\find.exe

find /i "computersystem"

C:\Windows\System32\Wbem\WMIC.exe

wmic path Win32_ComputerSystem get CreationClassName /value

C:\Windows\System32\sc.exe

sc start sppsvc

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$job = Start-Job { (Get-WmiObject -Query 'SELECT * FROM SoftwareLicensingService').Version }; if (-not (Wait-Job $job -Timeout 30)) {write-host 'sppsvc is not working correctly. Help - https://massgrave.dev/troubleshoot'}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c ver

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and PartialProductKey is not null) get ID /VALUE" 2>nul

C:\Windows\System32\Wbem\WMIC.exe

wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and PartialProductKey is not null) get ID /VALUE

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c DISM /English /Online /Get-CurrentEdition 2>nul | find /i "Current Edition :"

C:\Windows\System32\Dism.exe

DISM /English /Online /Get-CurrentEdition

C:\Windows\System32\find.exe

find /i "Current Edition :"

C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe {3405701D-FA9F-48EF-A636-A7ADF2F0F962}

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE" 2>nul

C:\Windows\System32\Wbem\WMIC.exe

wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v EditionID 2>nul

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v EditionID

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v BuildBranch 2>nul

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v BuildBranch

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c dism /online /english /Get-TargetEditions | findstr /i /c:"Target Edition : "

C:\Windows\System32\Dism.exe

dism /online /english /Get-TargetEditions

C:\Windows\System32\findstr.exe

findstr /i /c:"Target Edition : "

C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe {66A8D2FB-9B44-4F0E-96BB-5F54777F08AF}

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL) get LicenseFamily /VALUE" 2>nul

C:\Windows\System32\Wbem\WMIC.exe

wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL) get LicenseFamily /VALUE

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "" "

C:\Windows\System32\find.exe

find /i " ProfessionalWorkstation "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation " "

C:\Windows\System32\find.exe

find /i " ServerRdsh "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh " "

C:\Windows\System32\find.exe

find /i " Education "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education " "

C:\Windows\System32\find.exe

find /i " ServerRdsh "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education " "

C:\Windows\System32\find.exe

find /i " Education "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education " "

C:\Windows\System32\find.exe

find /i " Enterprise "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise " "

C:\Windows\System32\find.exe

find /i " ProfessionalWorkstation "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise " "

C:\Windows\System32\find.exe

find /i " ProfessionalEducation "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation " "

C:\Windows\System32\find.exe

find /i " ProfessionalWorkstation "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation " "

C:\Windows\System32\find.exe

find /i " ProfessionalEducation "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation " "

C:\Windows\System32\find.exe

find /i " ProfessionalEducation "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation " "

C:\Windows\System32\find.exe

find /i " CloudEdition "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition " "

C:\Windows\System32\find.exe

find /i " ProfessionalWorkstation "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition " "

C:\Windows\System32\find.exe

find /i " ProfessionalEducation "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition " "

C:\Windows\System32\find.exe

find /i " ProfessionalWorkstation "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition " "

C:\Windows\System32\find.exe

find /i " ProfessionalWorkstation "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition " "

C:\Windows\System32\find.exe

find /i " Enterprise "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition " "

C:\Windows\System32\find.exe

find /i " ProfessionalWorkstation "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition " "

C:\Windows\System32\find.exe

find /i " Enterprise "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition " "

C:\Windows\System32\find.exe

find /i " ProfessionalWorkstation "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition " "

C:\Windows\System32\find.exe

find /i " IoTEnterprise "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise " "

C:\Windows\System32\find.exe

find /i " Enterprise "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise " "

C:\Windows\System32\find.exe

find /i " ProfessionalWorkstation "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise " "

C:\Windows\System32\find.exe

find /i " CloudEdition "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise " "

C:\Windows\System32\find.exe

find /i " ProfessionalWorkstation "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise " "

C:\Windows\System32\find.exe

find /i " ProfessionalSingleLanguage "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "

C:\Windows\System32\find.exe

find /i " Education "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "

C:\Windows\System32\find.exe

find /i " IoTEnterprise "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "

C:\Windows\System32\find.exe

find /i " CloudEdition "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "

C:\Windows\System32\find.exe

find /i " ProfessionalWorkstation "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "

C:\Windows\System32\find.exe

find /i " ServerRdsh "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "

C:\Windows\System32\find.exe

find /i " Education "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "

C:\Windows\System32\find.exe

find /i " ServerRdsh "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "

C:\Windows\System32\find.exe

find /i " Education "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "

C:\Windows\System32\find.exe

find /i " ProfessionalEducation "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "

C:\Windows\System32\find.exe

find /i " ProfessionalWorkstation "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "

C:\Windows\System32\find.exe

find /i " ServerRdsh "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "

C:\Windows\System32\find.exe

find /i " ProfessionalCountrySpecific "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage ProfessionalCountrySpecific " "

C:\Windows\System32\find.exe

find /i " ServerRdsh "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo ProfessionalWorkstation "

C:\Windows\System32\findstr.exe

findstr /i "CountrySpecific CloudEdition"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo ServerRdsh "

C:\Windows\System32\findstr.exe

findstr /i "CountrySpecific CloudEdition"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo Education "

C:\Windows\System32\findstr.exe

findstr /i "CountrySpecific CloudEdition"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo Enterprise "

C:\Windows\System32\findstr.exe

findstr /i "CountrySpecific CloudEdition"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo ProfessionalEducation "

C:\Windows\System32\findstr.exe

findstr /i "CountrySpecific CloudEdition"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo CloudEdition "

C:\Windows\System32\findstr.exe

findstr /i "CountrySpecific CloudEdition"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo IoTEnterprise "

C:\Windows\System32\findstr.exe

findstr /i "CountrySpecific CloudEdition"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo ProfessionalSingleLanguage "

C:\Windows\System32\findstr.exe

findstr /i "CountrySpecific CloudEdition"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo ProfessionalCountrySpecific "

C:\Windows\System32\findstr.exe

findstr /i "CountrySpecific CloudEdition"

C:\Windows\System32\mode.com

mode 98, 30

C:\Windows\System32\mode.com

mode 76, 33

C:\Windows\System32\choice.exe

choice /C:123456789H0 /N

C:\Windows\System32\mode.com

mode 76, 25

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c tasklist | findstr /I ".exe" 2>nul

C:\Windows\System32\tasklist.exe

tasklist

C:\Windows\System32\findstr.exe

findstr /I ".exe"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-msaccess.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-excel.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-groove.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-lync.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-onenote.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-outlook.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-powerpnt.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-winproj.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-mspub.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-visio.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-winword.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-lime.exe-"

C:\Windows\System32\choice.exe

choice /C:1230 /N

C:\Windows\System32\mode.com

mode 130, 32

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "&{$W=$Host.UI.RawUI.WindowSize;$B=$Host.UI.RawUI.BufferSize;$W.Height=32;$B.Height=300;$Host.UI.RawUI.WindowSize=$W;$Host.UI.RawUI.BufferSize=$B;}"

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s

C:\Windows\System32\find.exe

find /i "AutoPico"

C:\Windows\System32\find.exe

find /i "avira.com" C:\Windows\System32\drivers\etc\hosts

C:\Windows\System32\find.exe

find /i "kaspersky.com" C:\Windows\System32\drivers\etc\hosts

C:\Windows\System32\find.exe

find /i "virustotal.com" C:\Windows\System32\drivers\etc\hosts

C:\Windows\System32\find.exe

find /i "mcafee.com" C:\Windows\System32\drivers\etc\hosts

C:\Windows\System32\sc.exe

sc start sppsvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "1056" "

C:\Windows\System32\findstr.exe

findstr "577 225"

C:\Windows\System32\cmd.exe

cmd /c "wmic path Win32_ComputerSystem get CreationClassName /value"

C:\Windows\System32\find.exe

find /i "computersystem"

C:\Windows\System32\Wbem\WMIC.exe

wmic path Win32_ComputerSystem get CreationClassName /value

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "Windows 11 Pro" "

C:\Windows\System32\find.exe

find /i "Windows"

C:\Windows\System32\sc.exe

sc start sppsvc

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$job = Start-Job { (Get-WmiObject -Query 'SELECT * FROM SoftwareLicensingService').Version }; if (-not (Wait-Job $job -Timeout 30)) {write-host 'sppsvc is not working correctly. Help - https://massgrave.dev/troubleshoot'}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE

C:\Windows\System32\reg.exe

reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c ver

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s

C:\Windows\System32\find.exe

find /i "AutoPico"

C:\Windows\System32\find.exe

find /i "avira.com" C:\Windows\System32\drivers\etc\hosts

C:\Windows\System32\find.exe

find /i "kaspersky.com" C:\Windows\System32\drivers\etc\hosts

C:\Windows\System32\find.exe

find /i "virustotal.com" C:\Windows\System32\drivers\etc\hosts

C:\Windows\System32\find.exe

find /i "mcafee.com" C:\Windows\System32\drivers\etc\hosts

C:\Windows\System32\sc.exe

sc start sppsvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "1056" "

C:\Windows\System32\findstr.exe

findstr "577 225"

C:\Windows\System32\sc.exe

sc query Null

C:\Windows\System32\sc.exe

sc start sppsvc

C:\Windows\System32\sc.exe

sc query sppsvc

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v DependOnService

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Description

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v DisplayName

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ErrorControl

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ImagePath

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ObjectName

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Start

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Type

C:\Windows\System32\sc.exe

sc start Winmgmt

C:\Windows\System32\sc.exe

sc query Winmgmt

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v DependOnService

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Description

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v DisplayName

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ErrorControl

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ImagePath

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ObjectName

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Start

C:\Windows\System32\reg.exe

reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Type

C:\Windows\System32\sc.exe

sc start sppsvc

C:\Windows\System32\sc.exe

sc start Winmgmt

C:\Windows\System32\sc.exe

sc query sppsvc

C:\Windows\System32\find.exe

find /i "RUNNING"

C:\Windows\System32\sc.exe

sc start sppsvc

C:\Windows\System32\sc.exe

sc query Winmgmt

C:\Windows\System32\find.exe

find /i "RUNNING"

C:\Windows\System32\sc.exe

sc start Winmgmt

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State" /v ImageState

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State" /v ImageState

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinPE" /v InstRoot

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':wpatest\:.*';iex ($f[1])" 2>nul

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':wpatest\:.*';iex ($f[1])"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "12" "

C:\Windows\System32\find.exe

find /i "Error Found"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE" 2>nul

C:\Windows\System32\Wbem\WMIC.exe

wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "try { $null=([WMISEARCHER]'SELECT * FROM SoftwareLicensingService').Get().Version; exit 0 } catch { exit $_.Exception.InnerException.HResult }"

C:\Windows\System32\cmd.exe

cmd /c exit /b 0

C:\Windows\System32\Wbem\WMIC.exe

wmic path Win32_ComputerSystem get CreationClassName /value

C:\Windows\System32\find.exe

find /i "computersystem"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "0" "

C:\Windows\System32\findstr.exe

findstr /i "0x800410 0x800440 0x80131501"

C:\Windows\System32\reg.exe

reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\PersistedTSReArmed"

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState"

C:\Windows\System32\reg.exe

reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion"

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe"

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sppsvc.exe"

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sppsvc.exe\PerfOptions"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "SkipRearm" 2>nul

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "SkipRearm"

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Plugins\Objects\msft:rm/algorithm/hwid/4.0" /f ba02fed39662 /d

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v TokenStore 2>nul

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v TokenStore

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and PartialProductKey is not null) get ID /VALUE" 2>nul

C:\Windows\System32\Wbem\WMIC.exe

wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and PartialProductKey is not null) get ID /VALUE

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powershell.exe "(Get-ScheduledTask -TaskName 'SvcRestartTask' -TaskPath '\Microsoft\Windows\SoftwareProtectionPlatform\').State" 2>nul

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "(Get-ScheduledTask -TaskName 'SvcRestartTask' -TaskPath '\Microsoft\Windows\SoftwareProtectionPlatform\').State"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "

C:\Windows\System32\find.exe

find /i "Ready"

C:\Windows\System32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "actionlist" /f

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$acl = (Get-Acl 'C:\Windows\System32\spp\store\2.0' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow FullControl') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$acl = (Get-Acl 'HKLM:\SYSTEM\WPA' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow QueryValues, EnumerateSubKeys, WriteKey') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$acl = (Get-Acl 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow SetValue') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"

C:\Windows\System32\reg.exe

reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion"

C:\Windows\System32\reg.exe

reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$netServ = (New-Object Security.Principal.SecurityIdentifier('S-1-5-20')).Translate([Security.Principal.NTAccount]).Value; $aclString = Get-Acl 'Registry::HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies' | Format-List | Out-String; if (-not ($aclString.Contains($netServ + ' Allow FullControl') -or $aclString.Contains('NT SERVICE\sppsvc Allow FullControl')) -or ($aclString.Contains('Deny'))) {Exit 3}"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\14.0\Common\InstallRoot /v Path" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\14.0\Common\InstallRoot /v Path

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\14.0\Common\InstallRoot /v Path" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\14.0\Common\InstallRoot /v Path

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\14.0\CVH /f Click2run /k

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\14.0\CVH /f Click2run /k

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powershell.exe "(Get-AppxPackage -name 'Microsoft.Office.Desktop' | Select-Object -ExpandProperty InstallLocation)" 2>nul

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "(Get-AppxPackage -name 'Microsoft.Office.Desktop' | Select-Object -ExpandProperty InstallLocation)"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "Get-AppxPackage -name "Microsoft.MicrosoftOfficeHub""

C:\Windows\System32\find.exe

find /i "Office"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\ClickToRun /v InstallPath" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\ClickToRun /v InstallPath

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\ClickToRun /v InstallPath" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\ClickToRun /v InstallPath

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\15.0\ClickToRun /v InstallPath" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\15.0\ClickToRun /v InstallPath

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\16.0\Common\InstallRoot /v Path" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\16.0\Common\InstallRoot /v Path

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\16.0\Common\InstallRoot /v Path" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\16.0\Common\InstallRoot /v Path

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common\InstallRoot /v Path" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common\InstallRoot /v Path

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\15.0\Common\InstallRoot /v Path" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\15.0\Common\InstallRoot /v Path

C:\Windows\System32\sc.exe

sc query ClickToRunSvc

C:\Windows\System32\sc.exe

sc query OfficeSvc

C:\Windows\System32\reg.exe

reg query "HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions" /v ProductType

C:\Windows\System32\find.exe

find /i "WinNT"

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v EditionID

C:\Windows\System32\find.exe

find /i "Server"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powershell.exe "(Get-WmiObject -Query 'SELECT LicenseFamily, Name FROM SoftwareLicensingProduct WHERE ApplicationID=''0ff1ce15-a989-479d-af46-f275c6370663'' AND LicenseStatus=1 AND GracePeriodRemaining=0 AND PartialProductKey IS NOT NULL' | Where-Object { $_.Name -notlike '*Office 15*' }).LicenseFamily" 2>nul

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "(Get-WmiObject -Query 'SELECT LicenseFamily, Name FROM SoftwareLicensingProduct WHERE ApplicationID=''0ff1ce15-a989-479d-af46-f275c6370663'' AND LicenseStatus=1 AND GracePeriodRemaining=0 AND PartialProductKey IS NOT NULL' | Where-Object { $_.Name -notlike '*Office 15*' }).LicenseFamily"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='0ff1ce15-a989-479d-af46-f275c6370663') get ID /VALUE" 2>nul

C:\Windows\System32\Wbem\WMIC.exe

wmic path SoftwareLicensingProduct where (ApplicationID='0ff1ce15-a989-479d-af46-f275c6370663') get ID /VALUE

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v Platform" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v Platform

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v VersionToReport" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v VersionToReport

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v AudienceData" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v AudienceData

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "HKLM\SOFTWARE\Microsoft\Office\ClickToRun" "

C:\Windows\System32\find.exe

find /i "Wow6432Node"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs" /s /f ".16" /k 2>nul | findstr /i "Retail Volume"

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs" /s /f ".16" /k

C:\Windows\System32\findstr.exe

findstr /i "Retail Volume"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "" "

C:\Windows\System32\find.exe

find /i " ProPlusRetail.16 "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo ProPlusRetail "

C:\Windows\System32\findstr.exe

findstr /I " ProPlusRetail "

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo ProPlusRetail "

C:\Windows\System32\findstr.exe

findstr /I "ProPlusRetail"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo: "

C:\Windows\System32\find.exe

find /i "-ProPlusRetail-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo ProPlusRetail "

C:\Windows\System32\find.exe

find /i "2024"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "Retail" "

C:\Windows\System32\find.exe

find /i "Subscription"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "26b394d7-7ad7-4aab-8fcc-6ea678395a91 339a5901-9bde-4f48-a88d-d048a42b54b1 5829fd99-2b17-4be4-9814-381145e49019 596bf8ec-7cab-4a98-83ae-459db70d24e4 60afa663-984d-47a6-ac9c-00346ff5e8f0 6755c7a7-4dfe-46f5-bce8-427be8e9dc62 6c1bed1d-0273-4045-90d2-e0836f3c380b 70d9ceb6-6dfa-4da4-b413-18c1c3c76e2e 84832881-46ef-4124-8abc-eb493cdcf78e 85dd8b5f-eaa4-4af3-a628-cce9e77c9a03 aa64f755-8a7b-4519-bc32-cab66deb92cb c8ce6adc-ede7-4ce2-8e7b-c49f462ab8c3 de52bd50-9564-4adc-8fcb-a345c17f84f9 e1fef7e5-6886-458c-8e45-7c1e9daab00c" "

C:\Windows\System32\find.exe

find /i "de52bd50-9564-4adc-8fcb-a345c17f84f9"

C:\Windows\System32\Wbem\WMIC.exe

wmic path SoftwareLicensingService where __CLASS='SoftwareLicensingService' call InstallProductKey ProductKey="GM43N-F742Q-6JDDK-M622J-J8GDV"

C:\Windows\System32\cmd.exe

cmd /c exit /b 0

C:\Windows\System32\Wbem\WMIC.exe

wmic path SoftwareLicensingService where __CLASS='SoftwareLicensingService' call RefreshLicenseStatus

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':sppc64.dll\:.*';$encoded = ($f[1]) -replace '-', 'A' -replace '_', 'a';$bytes = [Convert]::FromBase64String($encoded); $PePath='"C:\Program Files\Microsoft Office\root\vfs\System\sppc.dll"'; $offset='"3076"'; $m=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':hexedit\:.*';iex ($m[1]);"

C:\Windows\System32\find.exe

find /i "Error found"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " ProPlusRetail " "

C:\Windows\System32\find.exe

find /i "Volume"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powershell.exe "$p = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'; Get-ChildItem $p | ForEach-Object { $pi = (Get-ItemProperty """"$p\$($_.PSChildName)"""").ProfileImagePath; if ($pi -like '*\Users\*' -and (Test-Path """"$pi\NTUSER.DAT"""") -and -not ($_.PSChildName -match '\.bak$')) { Split-Path $_.PSPath -Leaf } }" 2>nul

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$p = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'; Get-ChildItem $p | ForEach-Object { $pi = (Get-ItemProperty """"$p\$($_.PSChildName)"""").ProfileImagePath; if ($pi -like '*\Users\*' -and (Test-Path """"$pi\NTUSER.DAT"""") -and -not ($_.PSChildName -match '\.bak$')) { Split-Path $_.PSPath -Leaf } }"

C:\Windows\System32\reg.exe

reg query HKU\S-1-5-21-2584844841-1405471295-1760131749-1000\Software

C:\Windows\System32\reg.exe

reg delete HKU\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Office\15.0\Common\Licensing /f

C:\Windows\System32\reg.exe

reg delete HKU\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Office\15.0\Common\Identity /f

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2584844841-1405471295-1760131749-1000" /v ProfileImagePath" 2>nul

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2584844841-1405471295-1760131749-1000" /v ProfileImagePath

C:\Windows\System32\reg.exe

reg delete "HKLM\SOFTWARE\Microsoft\Office\15.0\Common\Licensing" /f

C:\Windows\System32\reg.exe

reg delete "HKLM\SOFTWARE\Microsoft\Office\15.0\Common\Licensing" /f /reg:32

C:\Windows\System32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Licensing" /f

C:\Windows\System32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Licensing" /f /reg:32

C:\Windows\System32\reg.exe

reg delete HKU\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Office\16.0\Common\Licensing /f

C:\Windows\System32\reg.exe

reg delete HKU\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Office\16.0\Common\Identity /f

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2584844841-1405471295-1760131749-1000" /v ProfileImagePath" 2>nul

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2584844841-1405471295-1760131749-1000" /v ProfileImagePath

C:\Windows\System32\reg.exe

reg delete "HKLM\SOFTWARE\Microsoft\Office\16.0\Common\Licensing" /f

C:\Windows\System32\reg.exe

reg delete "HKLM\SOFTWARE\Microsoft\Office\16.0\Common\Licensing" /f /reg:32

C:\Windows\System32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Licensing" /f

C:\Windows\System32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Licensing" /f /reg:32

C:\Windows\System32\reg.exe

reg delete HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v SharedComputerLicensing /f

C:\Windows\System32\reg.exe

reg delete HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v SharedComputerLicensing /f /reg:32

C:\Windows\System32\reg.exe

reg delete HKLM\SOFTWARE\Microsoft\Office\15.0\ClickToRun\Configuration /v SharedComputerLicensing /f

C:\Windows\System32\reg.exe

reg delete HKLM\SOFTWARE\Microsoft\Office\15.0\ClickToRun\Configuration /v SharedComputerLicensing /f /reg:32

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration" /f *.DeviceBasedLicensing 2>nul | findstr REG_

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration" /f *.DeviceBasedLicensing

C:\Windows\System32\findstr.exe

findstr REG_

C:\Windows\System32\reg.exe

reg delete "HKLM\SOFTWARE\Microsoft\Office\15.0\Common\OEM" /f

C:\Windows\System32\reg.exe

reg delete "HKLM\SOFTWARE\Microsoft\Office\15.0\Common\OEM" /f /reg:32

C:\Windows\System32\reg.exe

reg delete "HKLM\SOFTWARE\Microsoft\Office\16.0\Common\OEM" /f

C:\Windows\System32\reg.exe

reg delete "HKLM\SOFTWARE\Microsoft\Office\16.0\Common\OEM" /f /reg:32

C:\Windows\System32\reg.exe

reg delete "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies\0ff1ce15-a989-479d-af46-f275c6370663" /f

C:\Windows\System32\reg.exe

reg delete "HKU\S-1-5-20\Software\Microsoft\OfficeSoftwareProtectionPlatform\Policies\0ff1ce15-a989-479d-af46-f275c6370663" /f

C:\Windows\System32\reg.exe

reg delete "HKU\S-1-5-20\Software\Microsoft\OfficeSoftwareProtectionPlatform\Policies\59a52881-a989-479d-af46-f275c6370663" /f

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /v Default" 2>nul

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /v Default

C:\Windows\System32\reg.exe

reg load HKU\DEFTEMP-12688 "C:\Users\Default\NTUSER.DAT"

C:\Windows\System32\reg.exe

reg query HKU\DEFTEMP-12688\Software

C:\Windows\System32\reg.exe

reg add HKU\DEFTEMP-12688\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency /v "TimeOfLastHeartbeatFailure" /t REG_SZ /d "2040-01-01T00:00:00Z" /f

C:\Windows\System32\reg.exe

reg unload HKU\DEFTEMP-12688

C:\Windows\System32\reg.exe

reg delete HKU\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency /f

C:\Windows\System32\reg.exe

reg add HKU\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency /v "TimeOfLastHeartbeatFailure" /t REG_SZ /d "2040-01-01T00:00:00Z" /f

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='0ff1ce15-a989-479d-af46-f275c6370663' and PartialProductKey is not null) get ID /VALUE" 2>nul

C:\Windows\System32\Wbem\WMIC.exe

wmic path SoftwareLicensingProduct where (ApplicationID='0ff1ce15-a989-479d-af46-f275c6370663' and PartialProductKey is not null) get ID /VALUE

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powershell.exe "(Get-WmiObject -Query 'SELECT ID FROM SoftwareLicensingProduct WHERE ApplicationID=''0ff1ce15-a989-479d-af46-f275c6370663'' AND LicenseStatus=1 AND GracePeriodRemaining=0 AND PartialProductKey IS NOT NULL').ID" 2>nul

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "(Get-WmiObject -Query 'SELECT ID FROM SoftwareLicensingProduct WHERE ApplicationID=''0ff1ce15-a989-479d-af46-f275c6370663'' AND LicenseStatus=1 AND GracePeriodRemaining=0 AND PartialProductKey IS NOT NULL').ID"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " de52bd50-9564-4adc-8fcb-a345c17f84f9" "

C:\Windows\System32\find.exe

find /i "85dd8b5f-eaa4-4af3-a628-cce9e77c9a03"

C:\Windows\System32\Wbem\WMIC.exe

wmic path SoftwareLicensingProduct where ID='85dd8b5f-eaa4-4af3-a628-cce9e77c9a03' call UninstallProductKey

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo " de52bd50-9564-4adc-8fcb-a345c17f84f9" "

C:\Windows\System32\find.exe

find /i "de52bd50-9564-4adc-8fcb-a345c17f84f9"

C:\Windows\System32\mode.com

mode 76, 33

C:\Windows\System32\choice.exe

choice /C:123456789H0 /N

C:\Windows\System32\mode.com

mode 98, 30

C:\Windows\System32\cmd.exe

cmd /c "wmic path Win32_ComputerSystem get CreationClassName /value"

C:\Windows\System32\find.exe

find /i "computersystem"

C:\Windows\System32\Wbem\WMIC.exe

wmic path Win32_ComputerSystem get CreationClassName /value

C:\Windows\System32\sc.exe

sc start sppsvc

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe "$job = Start-Job { (Get-WmiObject -Query 'SELECT * FROM SoftwareLicensingService').Version }; if (-not (Wait-Job $job -Timeout 30)) {write-host 'sppsvc is not working correctly. Help - https://massgrave.dev/troubleshoot'}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c ver

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE" 2>nul

C:\Windows\System32\Wbem\WMIC.exe

wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\ClickToRun /v InstallPath" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\ClickToRun /v InstallPath

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v Platform" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v Platform

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ClientFolder" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ClientFolder

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v AudienceId" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v AudienceId

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ClientCulture" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ClientCulture

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ClientVersionToReport" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ClientVersionToReport

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v VersionToReport" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v VersionToReport

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v AudienceData" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v AudienceData

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs /v ActiveConfiguration" 2>nul

C:\Windows\System32\reg.exe

reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs /v ActiveConfiguration

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "HKLM\SOFTWARE\Microsoft\Office\ClickToRun" "

C:\Windows\System32\find.exe

find /i "Wow6432Node"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs\50013EA2-E284-4D73-9D7F-3962DA10F878" /f ".16" /k 2>nul | findstr /i "Retail Volume"

C:\Windows\System32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs\50013EA2-E284-4D73-9D7F-3962DA10F878" /f ".16" /k

C:\Windows\System32\findstr.exe

findstr /i "Retail Volume"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo 16.0.12527.20470 16.0.12527.20482 "

C:\Windows\System32\findstr.exe

findstr "16.0.103 16.0.104 16.0.105"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo 16.0.12527.20470 16.0.12527.20482 "

C:\Windows\System32\findstr.exe

findstr "16.0.14332"

C:\Windows\System32\mode.com

mode 76, 25

C:\Windows\System32\choice.exe

choice /C:123450 /N

C:\Windows\System32\mode.com

mode 76, 33

C:\Windows\System32\choice.exe

choice /C:123456789H0 /N

C:\Windows\System32\mode.com

mode 76, 25

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c tasklist | findstr /I ".exe" 2>nul

C:\Windows\System32\tasklist.exe

tasklist

C:\Windows\System32\findstr.exe

findstr /I ".exe"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-msaccess.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-excel.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-groove.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-lync.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-onenote.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-outlook.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-powerpnt.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-winproj.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-mspub.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-visio.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-winword.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-lime.exe-"

C:\Windows\System32\choice.exe

choice /C:1230 /N

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://massgrave.dev/genuine-installation-media

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb4e193cb8,0x7ffb4e193cc8,0x7ffb4e193cd8

C:\Windows\System32\mode.com

mode 76, 25

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c tasklist | findstr /I ".exe" 2>nul

C:\Windows\System32\tasklist.exe

tasklist

C:\Windows\System32\findstr.exe

findstr /I ".exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,7219532480772302226,7259413889571951952,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,7219532480772302226,7259413889571951952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,7219532480772302226,7259413889571951952,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7219532480772302226,7259413889571951952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7219532480772302226,7259413889571951952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-msaccess.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-excel.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-groove.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-lync.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-onenote.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-outlook.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-powerpnt.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-winproj.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-mspub.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-visio.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-winword.exe-"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "

C:\Windows\System32\find.exe

find /i "-lime.exe-"

C:\Windows\System32\choice.exe

choice /C:1230 /N

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,7219532480772302226,7259413889571951952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8

C:\Windows\System32\mode.com

mode 76, 33

C:\Windows\System32\choice.exe

choice /C:123456789H0 /N

C:\Windows\System32\mode.com

mode 76, 30

C:\Windows\System32\choice.exe

choice /C:120 /N

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://massgrave.dev/genuine-installation-media

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb4e193cb8,0x7ffb4e193cc8,0x7ffb4e193cd8

C:\Windows\System32\mode.com

mode 76, 30

C:\Windows\System32\choice.exe

choice /C:120 /N

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,3940758165821791225,7323429078584335435,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,3940758165821791225,7323429078584335435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,3940758165821791225,7323429078584335435,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3940758165821791225,7323429078584335435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3940758165821791225,7323429078584335435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,3940758165821791225,7323429078584335435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 /prefetch:8

C:\Windows\System32\mode.com

mode 76, 33

C:\Windows\System32\choice.exe

choice /C:123456789H0 /N

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4e4acc40,0x7ffb4e4acc4c,0x7ffb4e4acc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=1948 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1776,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=2016 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=1700 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=3124 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=3172 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3592,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4424 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4592,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4584 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4720 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4692,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4684 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4924,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4952 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4972,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4968 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4884 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4576,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5144 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5064,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4920 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5240,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5084 /prefetch:2

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff670c04698,0x7ff670c046a4,0x7ff670c046b0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4788,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4832 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3112,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3152,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4572 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5484,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4724 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5160,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4564 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4960,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5600 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5728,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5880,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5900,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=6024 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6164,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=6328 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6264,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=6332 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6176,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=6236 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6464,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=6616 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6760,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=6792 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6512,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=6932 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7096,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7052 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7228,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7112 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7068,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7368 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7380,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7356 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7648,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7512 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7536,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7684 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7668,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7832 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7808,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8088 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8096,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8232 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8240,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8264 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8408,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8508 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8536,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8652 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8784,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8804 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8808,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8844 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=8852,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9092 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=9080,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9220 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=9388,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9116 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=9520,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9272 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=9564,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9672 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=9820,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9664 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=9828,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9968 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=9988,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=10120 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=9992,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=10268 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=10552,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8540 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=10624,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=10648 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=10388,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=10296 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=9252,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9248 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=10908,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=10948 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=10004,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11052 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=11244,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11228 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=11344,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=10244 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=11488,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11452 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=11604,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11624 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=11456,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11752 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=11932,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11940 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=12060,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12088 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=12220,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12240 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=12324,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12340 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=11888,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12524 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=3700,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=6288 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=12480,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12644 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=12876,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12864 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004B4 0x00000000000004D0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=12092,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12076 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=12204,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12196 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=12136,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12148 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=5996,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8048 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=11104,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11160 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=9632,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=9236,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7984 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=11464,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12584 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=9312,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9372 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=9232,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12620 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=12192,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11000 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8212,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5968 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8036,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7284 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=12472,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=5260,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5092 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=12168,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8412 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10472,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9316 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9956,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5028 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=8712,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9608 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=10936,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12584 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=10792,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8744 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=1476,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8744 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=7788,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5944 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --field-trial-handle=6292,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=6064 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --field-trial-handle=5668,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --field-trial-handle=12268,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9860 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --field-trial-handle=12376,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12232 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --field-trial-handle=7572,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7596 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --field-trial-handle=5496,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9664 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --field-trial-handle=5552,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11920 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --field-trial-handle=12300,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --field-trial-handle=5572,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12652 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --field-trial-handle=11892,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11944 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --field-trial-handle=12644,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11576 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --field-trial-handle=7420,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=3780 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\OutMerge.bat" "

Network

Country Destination Domain Proto
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
GB 142.250.187.202:443 ogads-pa.googleapis.com tcp
GB 142.250.187.238:443 apis.google.com tcp
GB 142.250.187.202:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
GB 142.250.200.46:443 play.google.com tcp
GB 216.58.204.78:443 chrome.google.com tcp
N/A 224.0.0.251:5353 udp
GB 216.58.212.193:443 clients2.googleusercontent.com tcp
GB 216.58.204.78:443 chrome.google.com tcp
GB 2.18.66.43:443 tcp
GB 2.18.66.43:443 tcp
GB 92.123.128.179:443 www.bing.com tcp
GB 92.123.128.179:443 www.bing.com tcp
GB 92.123.128.179:443 www.bing.com tcp
GB 92.123.128.179:443 www.bing.com tcp
GB 92.123.128.179:443 www.bing.com tcp
GB 92.123.128.179:443 www.bing.com tcp
US 20.189.173.16:443 browser.pipe.aria.microsoft.com tcp
GB 92.123.128.174:443 www.bing.com tcp
US 104.21.22.3:443 massgrave.dev tcp
US 104.21.24.156:443 git.activated.win tcp
US 104.21.22.3:443 massgrave.dev tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 104.21.22.3:443 massgrave.dev tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.178.10:443 ogads-pa.googleapis.com udp
GB 142.250.178.10:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
GB 142.250.200.46:443 consent.google.com udp
GB 142.250.178.14:443 clients2.google.com udp
GB 216.58.212.193:443 clients2.googleusercontent.com udp
US 8.8.8.8:53 2.213.58.216.in-addr.arpa udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.178.10:443 ogads-pa.googleapis.com tcp
GB 142.250.178.10:443 ogads-pa.googleapis.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.200.46:443 consent.google.com tcp
GB 142.250.200.46:443 consent.google.com udp
US 8.8.8.8:53 api.whatismyip.com udp
US 104.27.206.92:443 cf.whatismyip.com tcp
US 104.27.206.92:443 cf.whatismyip.com tcp
US 34.117.39.86:443 api.whatismyip.com tcp
FR 18.245.175.17:443 global.proper.io tcp
US 104.27.206.92:443 cf.whatismyip.com udp
US 8.8.8.8:53 92.206.27.104.in-addr.arpa udp
US 8.8.8.8:53 232.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 86.39.117.34.in-addr.arpa udp
US 8.8.8.8:53 17.175.245.18.in-addr.arpa udp
FR 52.222.169.13:443 widget.sellwild.com tcp
DE 18.155.145.44:443 live.primis.tech tcp
US 104.27.207.92:443 cf.whatismyip.com tcp
US 104.17.248.203:443 unpkg.com tcp
US 13.107.253.65:443 www.clarity.ms tcp
US 8.8.8.8:53 cache.sellwild.com udp
BE 142.250.110.156:443 stats.g.doubleclick.net tcp
GB 172.217.169.3:443 www.google.co.uk tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
FR 18.245.175.17:443 global.proper.io tcp
FR 18.155.129.13:443 cache.sellwild.com tcp
FR 18.155.129.13:443 cache.sellwild.com tcp
US 104.22.4.69:443 a.ad.gt tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net tcp
IE 13.74.129.1:443 c.clarity.ms tcp
FR 18.244.28.126:443 abcheck.proper.io tcp
FR 18.244.28.126:443 abcheck.proper.io tcp
US 13.107.21.237:443 c.bing.com tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
DE 91.228.74.200:443 secure.quantserve.com tcp
US 172.64.154.78:443 static.vidazoo.com tcp
US 44.242.127.23:443 bids.proper.io tcp
US 104.22.74.216:443 btloader.com tcp
US 4.153.129.168:443 b.clarity.ms tcp
GB 216.58.204.78:443 fundingchoicesmessages.google.com tcp
FR 18.244.28.79:443 rules.quantcount.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
GB 216.58.204.78:443 fundingchoicesmessages.google.com udp
GB 142.250.187.225:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 92.207.27.104.in-addr.arpa udp
US 8.8.8.8:53 203.248.17.104.in-addr.arpa udp
US 8.8.8.8:53 65.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 156.110.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 13.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 126.28.244.18.in-addr.arpa udp
GB 216.58.204.78:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 78.154.64.172.in-addr.arpa udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 200.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 168.129.153.4.in-addr.arpa udp
US 8.8.8.8:53 70.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 79.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 23.127.242.44.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
IE 54.229.42.39:443 ce.lijit.com tcp
GB 87.248.114.12:443 ups.analytics.yahoo.com tcp
DE 18.155.145.44:443 live.primis.tech udp
FR 18.245.194.122:443 c.amazon-adsystem.com tcp
FR 18.245.194.122:443 c.amazon-adsystem.com tcp
FR 3.165.113.121:443 player.propervideo.io tcp
US 172.64.154.78:443 static.vidazoo.com tcp
GB 2.22.249.19:443 pxdrop.lijit.com tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 18.233.249.147:443 reachms.bfmio.com tcp
FR 18.244.28.86:443 hb.yellowblue.io tcp
US 69.166.1.32:443 apex.go.sonobi.com tcp
US 69.166.1.32:443 apex.go.sonobi.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 ssc.33across.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 35.186.253.211:443 rtb.openx.net tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
DE 18.159.212.21:443 btlr.sharethrough.com tcp
DE 18.159.212.21:443 btlr.sharethrough.com tcp
FR 52.84.174.40:443 config.aps.amazon-adsystem.com tcp
US 89.187.176.167:443 ssc.33across.com tcp
US 89.187.176.167:443 ssc.33across.com tcp
US 89.187.176.167:443 ssc.33across.com tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
US 161.35.253.186:443 prebid.cootlogix.com tcp
US 161.35.253.186:443 prebid.cootlogix.com tcp
US 161.35.253.186:443 prebid.cootlogix.com tcp
US 34.120.63.153:443 prebid.media.net tcp
IE 52.208.154.107:443 ap.lijit.com tcp
IE 52.211.233.195:443 g2.gumgum.com tcp
IE 52.211.233.195:443 g2.gumgum.com tcp
IE 52.211.233.195:443 g2.gumgum.com tcp
IE 52.211.233.195:443 g2.gumgum.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 35.214.136.108:443 x.bidswitch.net udp
US 52.25.90.190:443 usync.proper.io tcp
FR 52.222.159.154:443 aax.amazon-adsystem.com tcp
FR 52.222.159.154:443 aax.amazon-adsystem.com tcp
US 52.25.90.190:443 usync.proper.io tcp
GB 2.22.249.19:443 pxdrop.lijit.com tcp
US 8.8.8.8:53 api.intentiq.com udp
US 8.8.8.8:53 sync.intentiq.com udp
GB 3.162.20.127:443 cdn.browsiprod.com tcp
GB 104.78.175.230:443 secure.cdn.fastclick.net tcp
FR 172.234.57.28:443 aps.zqtk.net tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
FR 18.155.129.56:443 tags.crwdcntrl.net tcp
GB 216.58.212.193:443 13778806bcf109121abab5b7588f5a04.safeframe.googlesyndication.com tcp
US 45.77.157.114:443 wserver.vidazoo.com tcp
US 104.22.53.173:443 cdn.hadronid.net tcp
FR 13.249.9.80:443 sync.intentiq.com tcp
FR 99.86.91.52:443 api.intentiq.com tcp
GB 142.250.200.33:443 ep2.adtrafficquality.google tcp
US 44.225.22.39:443 events.browsiprod.com tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
FR 3.162.38.114:443 yield-manager.browsiprod.com tcp
US 18.211.222.87:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 mb9eo.publishers.tremorhub.com udp
US 8.8.8.8:53 cs.media.net udp
US 8.8.8.8:53 video.primis.tech udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 34.98.64.218:443 u.openx.net tcp
GB 2.23.204.244:443 ads.pubmatic.com tcp
US 35.71.131.137:443 match.adsrvr.org tcp
IE 18.202.187.23:443 bcp.crwdcntrl.net tcp
US 76.223.111.18:443 eb2.3lift.com tcp
GB 142.250.187.194:443 pubads.g.doubleclick.net tcp
GB 2.23.220.28:443 cs.media.net tcp
US 3.165.148.106:443 video.primis.tech tcp
FR 154.54.250.81:443 ads.stickyadstv.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
GB 142.250.187.194:443 pubads.g.doubleclick.net udp
NL 35.214.175.96:443 csync.loopme.me tcp
FR 3.165.136.123:443 sync-gdpr.intentiq.com tcp
US 34.98.64.218:443 u.openx.net udp
US 104.18.36.155:443 htlb.casalemedia.com udp
FR 3.165.136.123:443 sync-gdpr.intentiq.com tcp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
US 167.172.230.145:443 ads.bidstreamserver.com tcp
US 167.172.230.145:443 ads.bidstreamserver.com tcp
US 34.238.78.119:443 mb9eo.publishers.tremorhub.com tcp
GB 142.250.179.225:443 tpc.googlesyndication.com tcp
GB 142.250.179.225:443 tpc.googlesyndication.com tcp
GB 18.172.88.52:443 rtb.primis.tech tcp
GB 216.58.212.226:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 ad.360yield.com udp
US 18.217.92.0:443 amspbs.com tcp
US 18.217.92.0:443 amspbs.com tcp
NL 89.149.193.96:443 prg.smartadserver.com tcp
NL 89.149.193.96:443 prg.smartadserver.com tcp
NL 89.149.193.96:443 prg.smartadserver.com tcp
NL 89.149.193.96:443 prg.smartadserver.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
NL 35.214.175.96:443 csync.loopme.me tcp
US 8.8.8.8:53 123.136.165.3.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 211.253.186.35.in-addr.arpa udp
US 8.8.8.8:53 86.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 115.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 21.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 40.174.84.52.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 21.212.159.18.in-addr.arpa udp
US 8.8.8.8:53 4.230.157.18.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 195.233.211.52.in-addr.arpa udp
US 8.8.8.8:53 107.154.208.52.in-addr.arpa udp
US 8.8.8.8:53 32.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 147.249.233.18.in-addr.arpa udp
US 8.8.8.8:53 186.253.35.161.in-addr.arpa udp
US 8.8.8.8:53 167.176.187.89.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 230.175.78.104.in-addr.arpa udp
US 8.8.8.8:53 154.159.222.52.in-addr.arpa udp
US 8.8.8.8:53 127.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 173.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 28.57.234.172.in-addr.arpa udp
US 8.8.8.8:53 56.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 52.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 80.9.249.13.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 114.157.77.45.in-addr.arpa udp
US 8.8.8.8:53 190.90.25.52.in-addr.arpa udp
US 8.8.8.8:53 114.38.162.3.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 244.204.23.2.in-addr.arpa udp
US 8.8.8.8:53 39.22.225.44.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 28.220.23.2.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.148.165.3.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 137.131.71.35.in-addr.arpa udp
US 8.8.8.8:53 23.187.202.18.in-addr.arpa udp
FR 163.5.194.35:443 prebid.a-mo.net tcp
IE 34.242.121.72:443 ad.360yield.com tcp
IE 34.242.121.72:443 ad.360yield.com tcp
IE 34.242.121.72:443 ad.360yield.com tcp
IE 34.242.121.72:443 ad.360yield.com tcp
NL 89.149.193.117:443 ssbsync-global.smartadserver.com tcp
DK 37.157.5.132:443 cm.adform.net tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net tcp
GB 142.250.200.33:443 ep2.adtrafficquality.google tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net tcp
GB 142.250.180.4:443 www.google.com tcp
US 165.227.88.228:443 bis3.vidazoo.com tcp
US 3.165.148.34:443 eb.proper.io tcp
DE 18.195.234.25:443 match.sharethrough.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 198.199.89.226:443 sync.kueezrtb.com tcp
GB 18.172.88.34:443 live.primis.tech tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
US 104.18.41.106:443 sync.ingage.tech tcp
GB 142.250.179.225:443 tpc.googlesyndication.com tcp
GB 2.23.204.244:443 ads.pubmatic.com tcp
FR 3.165.136.123:443 sync-gdpr.intentiq.com tcp
GB 142.250.179.225:443 tpc.googlesyndication.com udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
GB 2.23.220.28:443 hbx.media.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 35.244.193.51:443 lexicon.33across.com tcp
US 167.172.230.145:443 ads.bidstreamserver.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 226.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 251.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 0.92.217.18.in-addr.arpa udp
US 8.8.8.8:53 96.175.214.35.in-addr.arpa udp
US 8.8.8.8:53 35.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 72.121.242.34.in-addr.arpa udp
US 8.8.8.8:53 117.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 132.5.157.37.in-addr.arpa udp
US 8.8.8.8:53 34.148.165.3.in-addr.arpa udp
US 8.8.8.8:53 25.234.195.18.in-addr.arpa udp
US 8.8.8.8:53 34.88.172.18.in-addr.arpa udp
US 8.8.8.8:53 228.88.227.165.in-addr.arpa udp
US 8.8.8.8:53 226.89.199.198.in-addr.arpa udp
US 8.8.8.8:53 106.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
DE 141.95.33.120:443 id5-sync.com tcp
DE 162.19.138.120:443 id5-sync.com tcp
US 67.202.105.24:443 ssc-cms.33across.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 34.120.133.55:443 api.rlcdn.com tcp
US 34.120.133.55:443 api.rlcdn.com udp
US 69.166.1.32:443 apex.go.sonobi.com tcp
US 104.26.8.169:443 script.4dex.io tcp
US 134.209.41.179:443 prebid.bidstreamserver.com tcp
US 134.209.41.179:443 prebid.bidstreamserver.com tcp
US 134.209.41.179:443 prebid.bidstreamserver.com tcp
US 134.209.41.179:443 prebid.bidstreamserver.com tcp
DE 141.95.33.120:443 id5-sync.com tcp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 104.26.8.169:443 script.4dex.io tcp
US 104.18.22.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 ssp-sync.criteo.com udp
GB 2.23.220.28:443 hbx.media.net tcp
US 104.26.8.169:443 script.4dex.io tcp
NL 178.250.1.57:443 ssp-sync.criteo.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
FR 18.164.52.46:443 s.ad.smaato.net tcp
US 64.202.112.63:443 b1sync.zemanta.com tcp
IE 54.229.148.225:443 g2.gumgum.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
DE 51.89.9.251:443 onetag-sys.com udp
US 134.209.41.179:443 prebid.bidstreamserver.com tcp
NL 89.149.193.84:443 ssbsync.smartadserver.com tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
DE 18.195.234.25:443 match.sharethrough.com tcp
US 8.8.8.8:53 dsp-ap.eskimi.com udp
US 8.8.8.8:53 ad.mrtnsvr.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 p.rfihub.com udp
NL 35.214.136.108:443 x.bidswitch.net udp
DE 37.252.171.21:443 ib.adnxs.com tcp
IE 52.17.238.95:443 match.prod.bidr.io tcp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
GB 18.172.88.34:443 live.primis.tech udp
IE 54.170.251.59:443 dsp.360yield.com tcp
DE 91.228.74.159:443 cms.quantserve.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 54.144.126.151:443 sync.srv.stackadapt.com tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
DK 37.157.3.20:443 c1.adform.net tcp
DK 37.157.3.20:443 c1.adform.net tcp
NL 193.0.160.130:443 p.rfihub.com tcp
NL 188.42.63.48:443 dsp-ap.eskimi.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
DE 80.82.210.217:443 dsp-cookie.adfarm1.adition.com tcp
NL 35.214.175.96:443 csync.loopme.me tcp
IE 52.208.154.107:443 ap.lijit.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
NL 193.0.160.130:443 p.rfihub.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
SE 13.53.196.230:443 d5p.de17a.com tcp
US 23.192.21.141:443 eus.rubiconproject.com tcp
IE 52.51.128.45:443 sync-amz.ads.yieldmo.com tcp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
GB 216.58.212.226:443 cm.g.doubleclick.net tcp
GB 216.58.212.226:443 cm.g.doubleclick.net tcp
GB 216.58.212.226:443 cm.g.doubleclick.net tcp
US 35.71.131.137:443 match.adsrvr.org tcp
GB 87.248.114.12:443 s.yimg.com tcp
US 104.22.50.98:443 mwzeom.zeotap.com tcp
DK 77.243.51.121:443 uipglob.semasio.net tcp
FR 54.38.113.5:443 pixel.onaudience.com tcp
US 8.8.8.8:53 image2.pubmatic.com udp
US 8.8.8.8:53 simage2.pubmatic.com udp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
GB 185.64.191.210:443 image2.pubmatic.com tcp
GB 185.64.191.210:443 image2.pubmatic.com tcp
GB 216.58.212.226:443 cm.g.doubleclick.net udp
FR 163.5.194.35:443 prebid.a-mo.net tcp
US 34.13.138.208:443 um.simpli.fi tcp
IE 54.229.42.39:443 ce.lijit.com tcp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 130.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 159.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 48.63.42.188.in-addr.arpa udp
US 8.8.8.8:53 20.3.157.37.in-addr.arpa udp
US 8.8.8.8:53 217.210.82.80.in-addr.arpa udp
US 8.8.8.8:53 151.126.144.54.in-addr.arpa udp
US 8.8.8.8:53 59.251.170.54.in-addr.arpa udp
US 8.8.8.8:53 141.21.192.23.in-addr.arpa udp
US 8.8.8.8:53 173.193.186.35.in-addr.arpa udp
US 8.8.8.8:53 98.50.22.104.in-addr.arpa udp
US 8.8.8.8:53 5.113.38.54.in-addr.arpa udp
US 8.8.8.8:53 121.51.243.77.in-addr.arpa udp
US 8.8.8.8:53 45.128.51.52.in-addr.arpa udp
NL 185.184.8.90:443 creativecdn.com tcp
IE 34.251.26.95:443 pr-bh.ybp.yahoo.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 151.101.65.108:443 acdn.adnxs.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 64.227.64.62:443 match.adsby.bidtheatre.com tcp
NL 63.215.202.140:443 pubmatic-match.dotomi.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
DE 3.122.214.165:443 ps.eyeota.net tcp
NL 89.149.193.105:443 rtb-csync.smartadserver.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
IE 34.240.236.190:443 ads.yieldmo.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 35.171.195.136:443 aorta.clickagy.com tcp
FR 13.249.9.36:443 sync.serverbid.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
IE 34.240.236.190:443 ads.yieldmo.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
GB 185.64.190.81:443 image4.pubmatic.com tcp
GB 185.64.190.81:443 image4.pubmatic.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
US 54.144.126.151:443 sync.srv.stackadapt.com tcp
US 54.144.126.151:443 sync.srv.stackadapt.com tcp
NL 89.207.16.201:443 triplelift-match.dotomi.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 140.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 62.64.227.64.in-addr.arpa udp
US 8.8.8.8:53 95.26.251.34.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 165.214.122.3.in-addr.arpa udp
US 8.8.8.8:53 105.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 190.236.240.34.in-addr.arpa udp
US 8.8.8.8:53 36.9.249.13.in-addr.arpa udp
US 8.8.8.8:53 81.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 198.233.247.34.in-addr.arpa udp
US 8.8.8.8:53 136.195.171.35.in-addr.arpa udp
NL 46.228.164.11:443 ad.turn.com tcp
US 54.144.126.151:443 sync.srv.stackadapt.com tcp
US 3.218.135.138:443 sync.ipredictive.com tcp
US 8.18.47.7:443 match.deepintent.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
JP 124.146.153.151:443 tg.socdm.com tcp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 98.82.156.207:443 s.amazon-adsystem.com tcp
JP 124.146.153.151:443 tg.socdm.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 98.82.156.207:443 s.amazon-adsystem.com tcp
US 54.173.20.189:443 vid-io-iad.springserve.com tcp
US 104.18.41.104:443 capi.connatix.com tcp
SI 195.5.165.20:443 core.iprom.net tcp
US 34.111.113.62:443 pixel.tapad.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 8.8.8.8:53 20.165.5.195.in-addr.arpa udp
US 8.8.8.8:53 189.20.173.54.in-addr.arpa udp
US 67.202.105.31:443 de.tynt.com tcp
DK 37.157.3.20:443 c1.adform.net tcp
FR 18.245.199.2:443 tbd4rmdvjk.execute-api.us-east-1.amazonaws.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
IE 52.215.155.11:443 cm.adgrx.com tcp
FR 141.95.171.140:443 green.erne.co tcp
US 172.64.150.63:443 a.tribalfusion.com tcp
DE 23.88.86.2:443 matching.truffle.bid tcp
FR 54.38.113.3:443 pixel-eu.onaudience.com tcp
IE 34.252.147.51:443 sync.crwdcntrl.net tcp
DE 57.129.39.243:443 bidberry.net tcp
US 3.165.148.106:443 video.primis.tech udp
DE 23.88.86.2:443 matching.truffle.bid tcp
GB 142.250.200.33:443 ep2.adtrafficquality.google udp
GB 18.172.88.52:443 live.primis.tech udp
NL 35.214.175.96:443 csync.loopme.me tcp
US 104.18.36.155:443 dsum.casalemedia.com tcp
FR 52.222.159.154:443 aax.amazon-adsystem.com tcp
NL 63.215.202.172:443 amazon-tam-match.dotomi.com tcp
US 104.18.36.155:443 dsum.casalemedia.com udp
NL 89.207.16.140:443 casale-match.dotomi.com tcp
IE 52.16.253.227:443 pm.w55c.net tcp
FR 18.245.193.37:443 m.media-amazon.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
FR 18.245.193.37:443 m.media-amazon.com udp
IE 67.220.226.234:443 aax-eu.amazon-adsystem.com tcp
IE 67.220.226.234:443 aax-eu.amazon-adsystem.com tcp
US 151.101.65.16:443 images-na.ssl-images-amazon.com tcp
FR 18.245.175.80:443 ts.amazon-adsystem.com tcp
IE 52.18.108.50:443 aes.eu-west.3px.axp.amazon-adsystem.com tcp
GB 2.22.249.19:443 aqfer.lijit.com tcp
DE 162.55.120.196:443 matching.truffle.bid tcp
DE 162.55.120.196:443 matching.truffle.bid tcp
DE 37.252.171.21:443 secure.adnxs.com tcp
US 35.186.253.211:443 rtb.openx.net udp
US 34.120.63.153:443 prebid.media.net udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 89.187.176.167:443 ssc.33across.com tcp
US 69.166.1.32:443 apex.go.sonobi.com tcp
DE 18.159.212.21:443 btlr.sharethrough.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 172.64.151.101:443 dsum.casalemedia.com udp
NL 89.149.193.96:443 prg.smartadserver.com tcp
DE 51.89.9.251:443 onetag-sys.com udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
US 34.120.133.55:443 api.rlcdn.com udp
IE 54.73.182.240:443 pn.ybp.yahoo.com tcp
NL 69.173.156.129:443 beacon-ams3.rubiconproject.com tcp
GB 142.250.200.38:443 s0.2mdn.net tcp
GB 87.248.114.11:443 cdn.js7k.com tcp
US 23.192.20.210:443 servedby.flashtalking.com tcp
US 35.80.132.205:443 pixel.adsafeprotected.com tcp
GB 87.248.114.12:443 cdn.js7k.com tcp
FR 52.222.159.154:443 aax.amazon-adsystem.com tcp
FR 52.84.174.120:443 ajs-assets.ftstatic.com tcp
GB 142.250.179.225:443 tpc.googlesyndication.com udp
MX 192.178.56.35:443 csi.gstatic.com tcp
MX 192.178.56.35:443 csi.gstatic.com tcp
FR 18.245.193.37:443 m.media-amazon.com tcp
FR 18.155.129.117:443 agen-assets.ftstatic.com tcp
FR 18.245.175.80:443 ts.amazon-adsystem.com tcp
MX 192.178.56.35:443 csi.gstatic.com tcp
IE 52.48.243.18:443 premierinn.demdex.net tcp
FR 18.244.33.53:443 images-na.ssl-images-amazon.com tcp
FR 52.222.169.4:443 cdn.flashtalking.com tcp
FR 52.222.169.4:443 cdn.flashtalking.com tcp
GB 18.170.252.3:443 ad-events.flashtalking.com tcp
GB 18.170.252.3:443 ad-events.flashtalking.com tcp
GB 18.172.88.111:443 static.adsafeprotected.com tcp
GB 142.250.187.234:443 content-autofill.googleapis.com tcp
IE 52.50.31.191:443 aes.eu-west.3px.axp.amazon-adsystem.com tcp
US 8.8.8.8:53 4.169.222.52.in-addr.arpa udp
US 8.8.8.8:53 18.243.48.52.in-addr.arpa udp
US 8.8.8.8:53 3.252.170.18.in-addr.arpa udp
US 8.8.8.8:53 111.88.172.18.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 191.31.50.52.in-addr.arpa udp
US 8.8.8.8:53 dt.adsafeprotected.com udp
US 54.227.179.134:443 dt.adsafeprotected.com tcp
US 54.227.179.134:443 dt.adsafeprotected.com tcp
US 54.227.179.134:443 dt.adsafeprotected.com tcp
US 54.227.179.134:443 dt.adsafeprotected.com tcp
US 54.227.179.134:443 dt.adsafeprotected.com tcp
MX 192.178.56.35:443 csi.gstatic.com udp
US 4.153.129.168:443 b.clarity.ms tcp
US 3.165.148.106:443 video.primis.tech udp
MX 192.178.56.35:443 csi.gstatic.com udp
GB 142.250.200.14:443 gcdn.2mdn.net tcp
GB 74.125.105.134:443 r1---sn-aigl6nsr.c.2mdn.net tcp
GB 142.250.200.38:443 s0.2mdn.net tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
US 4.153.129.168:443 b.clarity.ms tcp
GB 142.250.200.14:443 gcdn.2mdn.net udp
GB 74.125.105.134:443 r1---sn-aigl6nsr.c.2mdn.net udp
IE 67.220.226.234:443 aax-eu.amazon-adsystem.com tcp
IE 67.220.226.234:443 aax-eu.amazon-adsystem.com tcp
IE 67.220.226.234:443 aax-eu.amazon-adsystem.com tcp
DE 37.252.171.21:443 secure.adnxs.com tcp
NL 89.149.193.96:443 prg.smartadserver.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
US 4.153.129.168:443 b.clarity.ms tcp
US 34.120.63.153:443 prebid.media.net udp
US 35.186.253.211:443 rtb.openx.net udp
US 104.18.36.155:443 htlb.casalemedia.com udp
US 89.187.176.167:443 ssc.33across.com tcp
US 161.35.253.186:443 prebid.cootlogix.com tcp
US 161.35.253.186:443 prebid.cootlogix.com tcp
US 161.35.253.186:443 prebid.cootlogix.com tcp
US 69.166.1.32:443 apex.go.sonobi.com tcp
DE 3.120.207.148:443 btlr.sharethrough.com tcp
US 34.120.133.55:443 api.rlcdn.com udp
DE 51.89.9.251:443 onetag-sys.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
IE 54.228.54.61:443 nrb.ybp.yahoo.com tcp
US 4.153.129.168:443 b.clarity.ms tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
GB 142.250.200.46:443 consent.google.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.200.46:443 consent.google.com udp
US 4.153.129.168:443 b.clarity.ms tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 89.149.193.96:443 prg.smartadserver.com tcp
DE 37.252.171.21:443 secure.adnxs.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
US 3.165.148.106:443 video.primis.tech udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
SG 34.87.124.238:443 e2c8.gcp.gvt2.com tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
US 34.120.133.55:443 api.rlcdn.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
GB 142.250.187.195:443 beacons.gvt2.com tcp
US 69.166.1.32:443 apex.go.sonobi.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
PL 34.118.72.152:443 e2c12.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
MX 172.217.15.3:443 beacons2.gvt2.com tcp
US 8.8.8.8:53 152.72.118.34.in-addr.arpa udp
DE 34.89.141.94:443 e2c16.gcp.gvt2.com tcp
US 8.8.8.8:53 3.15.217.172.in-addr.arpa udp
US 4.153.129.168:443 b.clarity.ms tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
GB 172.217.169.35:443 beacons3.gvt2.com tcp
US 8.8.8.8:53 ad.360yield.com udp
DE 37.252.171.21:443 secure.adnxs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
FR 5.135.209.96:443 prg.smartadserver.com tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
US 34.120.133.55:443 api.rlcdn.com udp
US 69.166.1.32:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 ap.lijit.com udp
DE 51.89.9.251:443 onetag-sys.com tcp
US 4.153.129.168:443 b.clarity.ms tcp
US 8.8.8.8:53 s1.nordcdn.com udp
GB 216.58.213.4:443 www.google.com udp
US 104.16.208.203:443 web-api.nordvpn.com tcp
US 104.16.208.203:443 web-api.nordvpn.com tcp
US 104.16.208.203:443 web-api.nordvpn.com tcp
US 104.16.156.111:443 s1.nordcdn.com tcp
US 104.16.156.111:443 s1.nordcdn.com tcp
US 104.16.156.111:443 s1.nordcdn.com tcp
US 104.16.156.111:443 s1.nordcdn.com tcp
US 104.16.208.203:443 web-api.nordvpn.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c19.gcp.gvt2.com udp
FR 52.84.174.97:443 sb.nordcdn.com tcp
US 104.16.208.203:443 cm.nordvpn.com tcp
US 104.16.208.203:443 cm.nordvpn.com tcp
CH 34.65.65.90:443 e2c19.gcp.gvt2.com tcp
BE 142.250.110.156:443 stats.g.doubleclick.net tcp
GB 172.217.169.3:443 id.google.com tcp
GB 216.58.213.4:443 www.google.com tcp
GB 142.250.187.195:443 beacons.gvt2.com tcp
GB 216.58.213.4:443 www.google.com udp
GB 172.217.169.3:443 id.google.com udp
FR 52.84.174.97:443 sb.nordcdn.com tcp
GB 142.250.178.6:443 12123059.fls.doubleclick.net tcp
GB 142.250.178.6:443 12123059.fls.doubleclick.net udp
US 8.8.8.8:53 insight.adsrvr.org udp
US 35.71.131.137:443 insight.adsrvr.org tcp
FR 18.244.32.109:443 js.adsrvr.org tcp
US 23.192.20.210:443 servedby.flashtalking.com tcp
FR 5.135.209.96:443 prg.smartadserver.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
DE 37.252.171.21:443 secure.adnxs.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
US 4.153.129.168:443 b.clarity.ms tcp
FR 5.135.209.96:443 prg.smartadserver.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 185.89.210.82:443 ib.adnxs.com tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
US 4.153.129.168:443 b.clarity.ms tcp
GB 172.217.169.3:443 id.google.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.3:443 id.google.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 185.89.210.82:443 ib.adnxs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
FR 5.135.209.96:443 prg.smartadserver.com tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
US 4.153.129.168:443 b.clarity.ms tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 185.89.210.82:443 ib.adnxs.com tcp
US 89.187.176.167:443 ssc.33across.com tcp
US 35.186.253.211:443 rtb.openx.net udp
US 104.18.36.155:443 htlb.casalemedia.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 69.166.1.32:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 reachms.bfmio.com udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
IE 54.229.148.225:443 g2.gumgum.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 161.35.253.186:443 prebid.cootlogix.com tcp
US 161.35.253.186:443 prebid.cootlogix.com tcp
US 161.35.253.186:443 prebid.cootlogix.com tcp
DE 3.72.6.211:443 btlr.sharethrough.com tcp
US 44.196.243.115:443 reachms.bfmio.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
DE 3.78.168.176:443 tlx.3lift.com tcp
IE 63.35.111.236:443 ap.lijit.com tcp
US 34.120.63.153:443 prebid.media.net udp
GB 18.172.88.77:443 live.primis.tech udp
US 104.16.208.203:443 cm.nordvpn.com udp
US 104.16.208.203:443 cm.nordvpn.com udp
US 104.27.206.92:443 cf.whatismyip.com udp
GB 172.217.169.3:443 id.google.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 34.117.39.86:443 api.whatismyip.com udp
FR 18.245.175.55:443 global.proper.io tcp
US 104.27.207.92:443 cf.whatismyip.com udp
FR 18.245.175.55:443 global.proper.io tcp
US 13.107.246.65:443 www.clarity.ms tcp
GB 216.58.204.78:443 fundingchoicesmessages.google.com udp
GB 216.58.204.78:443 fundingchoicesmessages.google.com udp
FR 18.244.28.66:443 abcheck.proper.io tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
FR 18.245.194.122:443 c.amazon-adsystem.com tcp
DE 3.72.6.211:443 btlr.sharethrough.com tcp
US 69.166.1.32:443 apex.go.sonobi.com tcp
US 44.242.127.23:443 bids.proper.io tcp
FR 3.165.113.74:443 player.propervideo.io tcp
DE 91.228.74.244:443 pixel.quantserve.com tcp
US 3.214.207.9:443 cs-server-s2s.yellowblue.io tcp
GB 142.250.187.194:443 pubads.g.doubleclick.net udp
US 130.211.23.194:443 api.btloader.com udp
FR 172.234.57.28:443 aps.zqtk.net tcp
DK 37.157.5.132:443 cm.adform.net tcp
US 3.165.148.55:443 video.primis.tech udp
GB 87.248.114.11:443 ups.analytics.yahoo.com tcp
FR 51.178.195.213:443 ssbsync-global.smartadserver.com tcp
FR 3.165.136.96:443 sync-gdpr.intentiq.com tcp
GB 142.250.187.194:443 pubads.g.doubleclick.net udp
US 44.236.223.253:443 events.browsiprod.com tcp
FR 3.162.38.114:443 yield-manager.browsiprod.com tcp
GB 142.250.179.225:443 tpc.googlesyndication.com udp
IE 54.239.33.159:443 aax-eu.amazon-adsystem.com tcp
US 68.183.31.191:443 wserver.vidazoo.com tcp
US 34.238.18.166:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
US 8.8.8.8:53 244.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 9.207.214.3.in-addr.arpa udp
US 8.8.8.8:53 55.148.165.3.in-addr.arpa udp
US 8.8.8.8:53 96.136.165.3.in-addr.arpa udp
US 8.8.8.8:53 213.195.178.51.in-addr.arpa udp
US 8.8.8.8:53 253.223.236.44.in-addr.arpa udp
US 8.8.8.8:53 159.33.239.54.in-addr.arpa udp
US 8.8.8.8:53 191.31.183.68.in-addr.arpa udp
GB 216.58.212.193:443 be6b639257c230621090932e7c80667c.safeframe.googlesyndication.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
US 159.223.175.97:443 bis6.vidazoo.com tcp
DE 141.95.33.120:443 id5-sync.com tcp
GB 142.250.180.1:443 ep2.adtrafficquality.google udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
FR 5.135.209.96:443 prg.smartadserver.com tcp
US 67.202.105.24:443 ssc-cms.33across.com tcp
MX 192.178.56.35:443 csi.gstatic.com udp
IE 54.239.33.159:443 aax-eu.amazon-adsystem.com tcp
MX 192.178.56.35:443 csi.gstatic.com udp
FR 52.84.180.29:443 m.media-amazon.com udp
DE 141.95.33.120:443 id5-sync.com tcp
US 172.64.149.180:443 js-sec.indexww.com tcp
DE 162.19.138.120:443 id5-sync.com tcp
US 69.166.1.32:443 apex.go.sonobi.com tcp
DE 3.72.6.211:443 btlr.sharethrough.com tcp
FR 163.5.194.34:443 sync.a-mo.net tcp
NL 185.89.210.82:443 ib.adnxs.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 104.19.158.19:443 assets.a-mo.net tcp
US 35.186.253.211:443 rtb.openx.net tcp
DK 37.157.5.132:443 cm.adform.net tcp
FR 51.178.195.213:443 ssbsync-global.smartadserver.com tcp
IE 63.35.111.236:443 ap.lijit.com tcp
NL 79.127.227.46:443 id.rtb.mx tcp
FR 163.5.194.37:443 sync.a-mo.net tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 192.132.33.67:443 bttrack.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
DK 37.157.3.20:443 c1.adform.net tcp
US 52.55.55.106:443 sync.srv.stackadapt.com tcp
DE 37.252.172.123:443 secure.adnxs.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 54.92.246.50:443 i.liadm.com tcp
FR 163.5.194.36:443 sync.a-mo.net tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
GB 18.172.88.77:443 live.primis.tech udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
IE 54.229.42.39:443 ce.lijit.com tcp
US 34.149.50.64:443 s.seedtag.com tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
DE 18.184.206.66:443 match.sharethrough.com tcp
US 4.153.129.168:443 b.clarity.ms tcp
DE 18.159.85.125:443 exchange.mediavine.com tcp
FR 52.222.169.6:443 widget.sellwild.com tcp
FR 163.5.194.36:443 sync.a-mo.net tcp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 67.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 106.55.55.52.in-addr.arpa udp
US 8.8.8.8:53 50.246.92.54.in-addr.arpa udp
US 8.8.8.8:53 64.50.149.34.in-addr.arpa udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 66.206.184.18.in-addr.arpa udp
US 8.8.8.8:53 125.85.159.18.in-addr.arpa udp
US 8.8.8.8:53 6.169.222.52.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 161.35.253.186:443 prebid.cootlogix.com tcp
US 161.35.253.186:443 prebid.cootlogix.com tcp
US 161.35.253.186:443 prebid.cootlogix.com tcp
US 69.166.1.32:443 apex.go.sonobi.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
DE 3.72.6.211:443 btlr.sharethrough.com tcp
DE 79.127.216.47:443 id.rtb.mx tcp
NL 185.89.208.11:443 prebid.adnxs.com tcp
GB 185.64.190.84:443 ow.pubmatic.com tcp
GB 172.217.169.3:443 www.google.co.uk udp
US 4.153.129.168:443 b.clarity.ms tcp
FR 163.5.194.30:443 sync.a-mo.net tcp
GB 172.217.169.3:443 www.google.co.uk udp
FR 163.5.194.30:443 sync.a-mo.net tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.89.210.82:443 ib.adnxs.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
US 159.223.175.97:443 bis6.vidazoo.com tcp
NL 89.149.193.113:443 prg.smartadserver.com tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 34.120.63.153:443 prebid.media.net udp
US 104.18.36.155:443 ssum.casalemedia.com udp
US 89.187.176.167:443 ssc.33across.com tcp
US 69.166.1.32:443 apex.go.sonobi.com tcp
US 35.186.253.211:443 rtb.openx.net udp
DE 3.72.6.211:443 btlr.sharethrough.com tcp
NL 89.149.193.113:443 prg.smartadserver.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.89.210.82:443 ib.adnxs.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
GB 216.58.201.110:443 google.com tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
GB 142.250.179.225:443 tpc.googlesyndication.com udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
US 34.120.63.153:443 prebid.media.net udp
US 69.166.1.32:443 apex.go.sonobi.com tcp
US 161.35.253.186:443 prebid.cootlogix.com tcp
US 161.35.253.186:443 prebid.cootlogix.com tcp
US 161.35.253.186:443 prebid.cootlogix.com tcp
US 161.35.253.186:443 prebid.cootlogix.com tcp
US 161.35.253.186:443 prebid.cootlogix.com tcp
US 161.35.253.186:443 prebid.cootlogix.com tcp
US 8.8.8.8:53 tlx.3lift.com udp
US 104.18.36.155:443 ssum.casalemedia.com udp
US 8.8.8.8:53 ssc.33across.com udp
US 8.8.8.8:53 reachms.bfmio.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 ap.lijit.com udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 35.186.253.211:443 rtb.openx.net udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 79.127.243.242:443 ssc.33across.com tcp
DE 3.72.78.234:443 btlr.sharethrough.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 4.153.129.168:443 b.clarity.ms tcp
GB 172.217.169.3:443 www.google.co.uk udp
US 79.127.243.242:443 ssc.33across.com tcp
US 79.127.243.242:443 ssc.33across.com tcp
US 79.127.243.242:443 ssc.33across.com tcp
US 79.127.243.242:443 ssc.33across.com tcp
GB 142.250.187.196:443 www.google.com udp
US 104.16.208.203:443 cm.nordvpn.com udp
GB 172.217.169.3:443 www.google.co.uk udp

Files

\??\pipe\crashpad_1424_BPKLIRRBOKFWUACM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Temp\scoped_dir1424_1451532125\e194c10a-2ee3-451a-bc74-c877d697ad1f.tmp

MD5 da75bb05d10acc967eecaac040d3d733
SHA1 95c08e067df713af8992db113f7e9aec84f17181
SHA256 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2
SHA512 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 1f16a57eaa30cc43c2e6fa6149e73434
SHA1 149342500c585fd3a935a69c2681e5c35e7b7d60
SHA256 921024c437b401c9b382fc69346ef3c90e0fd01ba4df76e1894b9841d3acc213
SHA512 fae998d86236c80e4833a01abb5b0b657688c7ac5abd5aec2cc1c28c1f36e193414b7ffb2544c295a41c11e7b5b81aa1ef341caebece80322e8e9afd2eb80740

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fb64e276b6dd03c069b1141447eec6b0
SHA1 d87e937a386ce083242994adde74b054327e2505
SHA256 18f57a945b4d195fa7cb175398dc936f93002cda8ebc66850b7f18186647333c
SHA512 b8b602c528a15f30581ae0fdd4378d1f7cd91ce3a74bfbaefa31b728acff6fee156d8393ca25e66f093838960d8bea856f23e5fcc5c6b1833bbd245689014784

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\428dcf90-60fd-4cde-9c2d-511a19cbb4f8.tmp

MD5 c44490d8a3ff1d4eb7b264a15e33439c
SHA1 e773b3b697ae92cc5dcaed54b903939d930b8c1b
SHA256 0b48cc9a5870c3d39bbbf97f74ded24daf256a63e9478be8bc1c6424a715e3cf
SHA512 ae230d2298589b440aa6ebb1c7c30e813cbb7ddfc20c9bc85387eaacc27679c59f63aba6a7ed90186aa33a756298c705a742abd501e0c0f1640619e2e73afe80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 633291c9d16c8b180442aee05c422263
SHA1 d19a265a4f0c885481bfa10dcf80f36e34e7ce00
SHA256 b81fe66ecf61794c0a62f612da2095129b331c6c75fb96cf9576417b64e4e47f
SHA512 b994fd38ff282d28088e301aef3184b35f47d383a555f1b24c0e3b26e7080d679ba93d66a69c899ac52f8ad629dd1c2626e8479efcdac3ecec47da5deeaf125c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 48437e5eb99dec5501910620d592ad75
SHA1 1bff507ea3a4c51fe3e438a08e8e717cb751a34e
SHA256 4bf2dd995c6b1f5202d0f5cd365306c33b219d091575448086c6f23bb04a2a12
SHA512 838bfc05e12a99110f4009c71aedf3c5d2bcdedd3d60d019e1d1c8e1a35f4ea8535d901613fc74784acd4ceba0dfb24e4580fa4a6db85187f854609bb5e50beb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d38f3e26f48106dccce663eaac790b29
SHA1 39880fe3f2d6f7b41ee264fd8df05c3dbd029b5a
SHA256 3c821429451f634a6df9c29bc4674a019373b863ea67d0e1d2b7e56863bde76c
SHA512 ff00f87aa0d7bc9a8f950a954f800d1c4469f7713c0e76a6dfff0c3681058a078ea5d90aa4be23e0fd41745d3de58c334f6d9f3d06515c60e37df61d74eb3030

memory/1328-86-0x00000222EFCB0000-0x00000222EFCD2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_v2ixmam2.r0h.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1328-95-0x00000222F01E0000-0x00000222F0226000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\01ee8850-5f54-4f4d-b92f-c6967e19b8da.down_data

MD5 5683c0028832cae4ef93ca39c8ac5029
SHA1 248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512 aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9af9ac5149073734e6655f895501184c
SHA1 03902234535eafb35b3cc93023e110ce1db4d186
SHA256 df9d459f6f5d805f7d6e75faee1568160aeb4079cb31b2f1a43437c15f796e75
SHA512 c44e2c4055db9704b006f6ddc040e89b1ab9e3e9a2d498e4f80c6ef713382d3a736815cf1531d9ae8f948d7b32d19b346f50297d59b114f201c0d36e4d0d57a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4ad4b60d887976be565c36824ea57478
SHA1 a9726e3320d9a14ed4e535033d3792f4c7b3079b
SHA256 39dcb163f70571e38f96a1d996a0b7763056b8e3d017457a4132d63713f9eed5
SHA512 2a1d4d8d4ec6dcfccc7d329f1a1a7386735c15c48536035f525077365a7508dbd3baa3aaa299bf4fb22772e98d00e29ae9ba1281cc0a73d07a5c05f9f70d2998

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a77a3d9d247270e8a7bbfc92ac286995
SHA1 0fa92d13df211ee07c5235ed7fce7dda9207b261
SHA256 15e393c0c9798b933ad899b1f1d7094126c2067b28755319f3bec628bb51205b
SHA512 41c4966c4f4a46310e1c41341b5c6b4d85143ae75cbfc5edb247f96fba6a3aa48b4f783a23ed47c211b7924b284bd4aa24b77b107c23e594a35469a88256f45c

memory/1328-132-0x00000222F0400000-0x00000222F05C2000-memory.dmp

C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd

MD5 18d2897d369dcccfbe3a830f3d9713d4
SHA1 6e599542010a457ad00304ad2dfea1db22f08950
SHA256 f79caa2aa5db0f98031605bd138080f3d7b6a401150ba411c42c09c5956ef126
SHA512 00015cbb6794e3f4fe81d1e9d84d8ad11ab614bfa5272c35e1c4db170ddd1369e42dd382af3e3892622660041bcf9fd6b2c0bc8787927d8467d39c4efff63e7f

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 e566632d8956997225be604d026c9b39
SHA1 94a9aade75fffc63ed71404b630eca41d3ce130e
SHA256 b7f66a3543488b08d8533f290eb5f2df7289531934e6db9c346714cfbf609cf0
SHA512 f244eb419eef0617cd585002e52c26120e57fcbadc37762c100712c55ff3c29b0f3991c2ffa8eefc4080d2a8dbfa01b188250ea440d631efed358e702cc3fecd

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 5f4c933102a824f41e258078e34165a7
SHA1 d2f9e997b2465d3ae7d91dad8d99b77a2332b6ee
SHA256 d69b7d84970cb04cd069299fd8aa9cef8394999588bead979104dc3cb743b4f2
SHA512 a7556b2be1a69dbc1f7ff4c1c25581a28cb885c7e1116632c535fee5facaa99067bcead8f02499980f1d999810157d0fc2f9e45c200dee7d379907ef98a6f034

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 8a9ce637f47cb4acdbef782b0c075292
SHA1 61c4f0209f159fae19220a78c4428848c90d0e01
SHA256 fd949ff64bc93b6bcff447de4f7307dbd4cfb391faf81efe2a845f8349d9b10c
SHA512 6452ea5fff0d3139dd61de41cb37738a228bd13f7b039aa519acb8ab5f2084c10473415f0d3631a68829e81da3dc6018e37cff3618c48ae358c9a94fa91eb122

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 5a7997b9cd9a9e512ad671443f815627
SHA1 fb9ad246acd82f99e797297a58134a9d0f997ba4
SHA256 ca530245f940ad5023933109e6f32d2e3f9b3d79c460affa9ae3105305c073ae
SHA512 916efb6ce72ee2a6d0a65be247234ae3f05252fc4466ba8bb02b004087a35d3a586174d4fcac767346da35410fd67557900419e1b80174aa3f8d198737b96713

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 473b79b99c60e3035769c12334a2926f
SHA1 f60d7700da1bd3e2798464c6530a8234acc32786
SHA256 9451b0f71ce6633418886779391595de60467a96c0294ef0ac340206dcd1a858
SHA512 89b975ddba1ad7455eac98a11271e0e79529d018372668f7aeef966134c5a08ac653a06b2eec85f037c61ef8e49818b78299f8d77eaa33c10b50c6403e1786f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a569c389654e062a26fd285b3ff1ec6b
SHA1 0c8c32b77513d2aeb43b028edfb04e687396029d
SHA256 9847b63cd562284bfb2d606891ddaefef34fb2983b37cc8e20c6b10519d788f5
SHA512 acba65f13e1d4a3fdfc4b51663f5e416735f09a6e3df64e28bc9b1627a222db6e5383a60dcbe679a377002efd2bbcd7be87e3172a7099ce2d529ad581f96f748

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2c89b9b7bd1ea74a5103682311e922f5
SHA1 7d04398cb3e58748cd981ef1ab2ae3cd57a3d052
SHA256 f79afadc48255d9e46bd8f3cf5a8bad8fd5569230a68f3bdfdf10a7d8cf57ab9
SHA512 5296f49434adbf25afebcf6c5416abf60311a9d8e8acedbc0deb4e8e683a3c95752da06c2ba667c3327108f6384ef1e96aa7851f9777e243f7549a857d30d2d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 31795ba7bb11b6e5f9766e1de7d83779
SHA1 e1c8d8d3ed3218d7871be4eec3c48e9b1d4ef38d
SHA256 261ade92bf572ef079ae491d3ee3c722d34516376e005b32364e2dd74c640437
SHA512 46b70c624cab8feef5d7a4cfb2979161e0292f9deb100075b0459b1f0a5eb38151a8d2d00e95bddef28149f2b4c420bd9744464f203f3e79b7e65377ffea1582

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a2786e5ca1b4bc3ae656a7aaf96d06fa
SHA1 6da601cac283055f2071f5c3babd9b3db53f9578
SHA256 a2d6fa5e1ddcc21e8078a501d8c4a7061425edbaf47776fbc6bda9db1464ebe9
SHA512 d0add5644824fb06a1357caca3796d611b7323ac024dfe8d3e8039fff5da7729d0563169d0e56435507761090893bab36d56386fe364da153310ac9507768424

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 efbdcb1e96c21b1fa3a8ee282decfaa7
SHA1 4b29742350c7851853767013e11d09fb954063ac
SHA256 a2f2f0033d120152c7f43db61e5867c538be686267424e37ebf1f81c2108c41f
SHA512 8e88e8ff7da00f85b2f2840a94eca8f75f425c8058a6cc86a1681784e5b0370369560a04320dc747602e3fefed9b5af750afef52bcc137944999c1c4f5e8a808

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 b61169c9edc1a98db544cef9bf2252e6
SHA1 4403b93c1c9a645874148498d5f517b9612ae500
SHA256 381e3cd06ab77d3c83c2289fc0507cf684ebc2b2c8ba978b5a148499b6c831d3
SHA512 85f85ac0a6c442534b470df7088d3f358679cd934ce9b9f5f4c006dd7403ad4c20c29ade538970782670da519afbff7bdf1714910651d382fd6059405c6b3268

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 b9d6991ff53b9449c6309c88b29c8ecd
SHA1 b216bee89e62e442573322614cc9ef4670847209
SHA256 f5d3c064817c82403567234b39eef76a84bea1c8201b7648bdd83ce5a7ffad15
SHA512 e634d699f9cf9f0c66c954058cba643e8e60bee950bf730677652c3066ce79bfa2d7b8e3de82c9d3d2e8035236fd7c756771a45da072c335611ff9d069f0c44f

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 e16230c01991373e9431ebee63505e40
SHA1 352ff273303185e7fd3e1c7b8bdec40b5315b3c3
SHA256 07632f6f4a596d9119a5c4fde348a9b6c001646849c2409937c42d45e5abc77d
SHA512 99f240645697825aefaa83d7928044475e5f7866370eedc9ed1dff7891725ec052d974c0a1bf5245367f29774c3694090b2b03f89c0d0270d8cf1eefb30fa034

memory/3420-257-0x0000023454050000-0x00000234541C6000-memory.dmp

memory/3420-258-0x00000234543E0000-0x00000234545EA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5dc94771f074fc66ecaf24bb950dcb07
SHA1 90c9a6e324af174c3160a54721b9b4765ccbc876
SHA256 00b557abce48e9dde431cb11d5dfd2715fc12f577e4562c9dbf51b4fcc0869d4
SHA512 89f01f6b6037b8e21b5fc8edf4840ec25cff33150356055c81aec60d3fa879df372654852a8ad74d785aac95f346cede782ea7bc1de6661a17bf12050cf9de68

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 a234e5a3d3b33dc215ba6cb8a633ccb9
SHA1 e28da8d6f6a159d6320ed80e6ce56c42499f0c80
SHA256 47ea060ca03c816fb95cc64838442bcc5b0288eea663f093b09f1fed0c139102
SHA512 9715bdf9b6623e15c98b1b7224ce8f16e1038f1de149caa182f8c3dbccdd2c685dba6fb9b0e425447fac88556edd11e1c574cd9de5314f782aee4687972e78b9

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 8df572a0817133b4466d3e8a290a90ef
SHA1 fa72d850ffc8c58d0029177d712209b51060d395
SHA256 1dae22de933a5c5deae232e37eb094478ee623d2d21d70937eee35527e2fb708
SHA512 e3f5032856f285b7c3a474a6fb88aff157967537f8a173bd300b6e0caca113633470af4e2fb145557efad7d42751f08fa5e4c8952a47c7333f8e83e98736535f

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 4ff61168764e8d61420df03058f20397
SHA1 50fa0cf7645fbfca7d04854aec3c449d0a6ecf5c
SHA256 58c5418788096c4b56e73782496175326565909923cc68e23868286c040b91b4
SHA512 26c02fa0c149fe7825138d1f90fdfda58332a12ed6a2054b90da0fb9a585213b63e6c1982e12c1b557b2bb6ac500d01cd1f647ba5b6759a94c43bd65c62a3e82

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 41e5e27d5dd0bb8f89d1101e2fd04f23
SHA1 08d3ddf3ed53ffd507fe562d6bf57114213444ec
SHA256 df6221e3e7a9f17d313f70f83ec0633ace6bbedc1e6ff6a8c39c71e22dbb8378
SHA512 20819b915d463bfb5429f240cd83ffb20a4a89ffcc40ca236ffedd2dfa5547dbfdc89e1251d91f9c04d662563a7fb7847481132a3f0a9742e757401907b2aca4

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 f9a3fed7674532a6c437cdc562e2cd98
SHA1 1afde1020a74c82a995f3ac3fe1ca107b6b926e9
SHA256 0cac778b1788102322d0a6c6b84b4bba8de3b3a4b88d6b883ac0e76d066cf6b7
SHA512 883d60352705353ca410f46da9857b22ec9b4bca947a156efffa9c812a3faabb66e795e9dbb0947b76dfb9ad9c12a0975c541df96dedc510c29a789505660d0b

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 2ed3e93c5ea3cd1214104c7be0e3b5e5
SHA1 cb1ac632d617f7386fed7c02c4c9803f2e57619a
SHA256 7c67401d7bacb6154e748233412b4b9331c54eef286a5ea506b1b297faef2461
SHA512 4779ab2c814c7b2aa9f204ecbfae1f6d19f1891b5cd9507fc754f5fec12d75e17e2d68c1a3f36ad75217f40c7383bd75cf9f96718a235f6e4b3a2ca7f61155ef

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 adb872a12e371f2404cff901071b9a8a
SHA1 66f36bf6b6ae95b0087f7d1c8d5190d300126e26
SHA256 da1c5782779a447f967fda6305e906c24a9c7caa2d0cc8c5e1a6c4f14aae7022
SHA512 6119bf9000764b6e502ef69019dc49a2d04980b8dc7199dc95dc94b6811603b645a0211fcbfafaf4226ce2b2d757c25987d96c9a83fc1cd7dc991670a309bab6

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 bf75ed68cdedc78a21d970fd42bfe675
SHA1 8a63bb6befbe1f3aa995c44b76c9135f1609f6c0
SHA256 a164d5b76e95adc84156fa9bfca60e9f07fc07145153d2928a77c195e3c629db
SHA512 3f2db4bbd63316ea9f14f1c305b615af681855ae702561920bdc748239e2baf5142b8f7023abcc6e05c3da9a2e549441d9804fe60622f53f1ed2862b79f73b0d

C:\ProgramData\Microsoft\Windows\ClipSVC\GenuineTicket\GenuineTicket

MD5 67a8abe602fd21c5683962fa75f8c9fd
SHA1 e296942da1d2b56452e05ae7f753cd176d488ea8
SHA256 1d19fed36f7d678ae2b2254a5eef240e6b6b9630e5696d0f9efb8b744c60e411
SHA512 70b0b27a2b89f5f771467ac24e92b6cc927f3fdc10d8cb381528b2e08f2a5a3e8c25183f20233b44b71b54ce910349c279013c6a404a1a95b3cc6b8922ab9fc6

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 b6c336e3b3cb2cd04d42baac1aa4aa0d
SHA1 35a943816f3e9cd596e91be92c4bdb1b05a42d88
SHA256 4518fb6ffb3f70be78cb243cac94fcf74d9c58d2e7bd8c510ebe696d3f81cb60
SHA512 42c4a8f07051ac7c00014ddaa0b0db50bdbcb49a30ae96803e37f3a566c100932367e0a50baead881509ae4a4d49c769513626c5015fe0a02d1d3ae22ca759f4

memory/3636-381-0x00000298B4B20000-0x00000298B4B30000-memory.dmp

memory/3636-382-0x00000298B4B20000-0x00000298B4B30000-memory.dmp

memory/5092-384-0x0000028D32C10000-0x0000028D32C20000-memory.dmp

memory/5092-383-0x0000028D32C10000-0x0000028D32C20000-memory.dmp

memory/5092-388-0x0000028D32C10000-0x0000028D32C20000-memory.dmp

memory/3636-390-0x00000298B4B20000-0x00000298B4B30000-memory.dmp

C:\Windows\SystemTemp\temC005.tmp

MD5 b13af738aa8be55154b2752979d76827
SHA1 64a5f927720af02a367c105c65c1f5da639b7a93
SHA256 663ef05eb1c17b68e752a2d1e2dcd0eaa024e4c2ec88a7bc99a59e0aeabdf79b
SHA512 cb774f2729ce6b5cda325417fbad93e952b447fa2e9285375c26eb0fbdb7f4f8b644b1007038caafd6d8ba4efb3cc8c5da307c14e12be3454103d52848a029a4

memory/1688-398-0x0000021AA9F20000-0x0000021AA9F30000-memory.dmp

memory/1688-397-0x0000021AA9F20000-0x0000021AA9F30000-memory.dmp

memory/668-400-0x000001EB043D0000-0x000001EB043E0000-memory.dmp

memory/668-399-0x000001EB043D0000-0x000001EB043E0000-memory.dmp

memory/668-404-0x000001EB043D0000-0x000001EB043E0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\temC758.tmp

MD5 6b66b9430f41f128c1819c1e2d70a896
SHA1 5b305c83c14521dc33d394a38abdeb8f85d52a3f
SHA256 6c2326e6d50981ea6499aedb5dde2ae26bc307f984faee51833a0b0d78c4f7e7
SHA512 e9f2341a17746d4ba99a2041dffb0b82b5b88255aa6a5a60337c2fc696cf5d828c3efaa722cbcfa08f5464a1d97c9d0aaea7eb9ef43a5cb2a15668b3bb3c6558

memory/1688-406-0x0000021AA9F20000-0x0000021AA9F30000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 8763501687bb4a9fe9c1e5cf46300f51
SHA1 707ffedee9090e87f84cecbdfb2e56301369575d
SHA256 6c48610e3f917711bb88c066f6cdcfee4a7bf6aaa46f07c614bae0bb964ae848
SHA512 68e95316361fd88c665c0561a222e1e9c1580f90ddd545d5e72cda892413bd010195dde0804a3585785aed7a48cbcadf64b62e42b87535d3bef36497c559b0f2

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 1e84b6b878dfc86f8ed59df71a52e495
SHA1 5b17b7db1fb8062ce94420e6de4d7e58c0ea6232
SHA256 3d382407f7e012bd850e70e312a74cec62a5e43c84e8acbaf54382f49caa0f06
SHA512 666e28cbca1d5b70cf179ee98acfb1bd1e514c62afa539fa279b5b412f208cbe2e5c91ed98228bcd27bfd5d129b0f3845371583410a0ad1384e44ea3ad184b17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8bc1854e6797529e6d307ade42f3ad9a
SHA1 403fd3dcb0ed04e80fd37fe76d0c0556a76a3a9d
SHA256 46d3c9dbaec5a9a2ffee91e59aa10b532f417cfd2400989809dc68918a670efe
SHA512 f67bf3829b712f0f90a2e441992e7811151beb1ca29ab3939302d73bdc3e20c84276c14681b8b56cc8345c88f03ae51fe0f4f8c2d685bc051cfc5286b0da1eda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 57abf6ca512e43fe186ce419abf9f81b
SHA1 a47f75b5de71a260f1d68919b9ed9f2e0145720e
SHA256 02fce44a7208321dd023124e7041c26f36777a1c562043bc97de999ae94dab8b
SHA512 f47bbc731651b03d6cab59c0aab7a93ffb99731c21f8dc31df4f534304e40ba5101b82419dc4c3127458b1f13f0b053124e943bb5f3ba55732482ee7d0755a47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 d56ec83037d9230c7b3ed19c1a2dd3ea
SHA1 35e112ad019e333c01e374ed4b34b56435990bd7
SHA256 f91c24bb3a54565c8338526885ab5944503c8e5e0d02e920b640fbb843872c18
SHA512 4a8ac9cfb32df89fe16f8730df5b994b94c066504f22c2fd5cee97bc41358f76d1c10eebd7e2fb445bcab93952ae525062c3cb3c576236bdd9d65b888ec81adb

C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\DismHost.exe

MD5 17275206102d1cf6f17346fd73300030
SHA1 bbec93f6fb2ae56c705efd6e58d6b3cc68bf1166
SHA256 dead0ebd5b5bf5d4b0e68ba975e9a70f98820e85d056b0a6b3775fc4df4da0f6
SHA512 ce14a4f95328bb9ce437c5d79084e9d647cb89b66cde86a540b200b1667edc76aa27a36061b6e2ceccecb70b9a011b4bd54040e2a480b8546888ba5cc84a01b3

C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\DismCorePS.dll

MD5 7f751738de9ac0f2544b2722f3a19eb0
SHA1 7187c57cd1bd378ef73ba9ad686a758b892c89dc
SHA256 db995f4f55d8654fc1245da0df9d1d9d52b02d75131bc3bce501b141888232fc
SHA512 0891c2dedb420e10d8528996bc9202c9f5f96a855997f71b73023448867d7d03abee4a9a7e2e19ebe2811e7d09497bce1ea4e9097fcb810481af10860ff43dfb

C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismprov.dll

MD5 2ac64cc617d144ae4f37677b5cdbb9b6
SHA1 13fe83d7489d302de9ccefbf02c7737e7f9442f9
SHA256 006464f42a487ab765e1e97cf2d15bfa7db76752946de52ff7e518bc5bbb9a44
SHA512 acdb2c9727f53889aa4f1ca519e1991a5d9f08ef161fb6680265804c99487386ca6207d0a22f6c3e02f34eaeb5ded076655ee3f6b4b4e1f5fab5555d73addfd7

C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\OSProvider.dll

MD5 e9833a54c1a1bfdab3e5189f3f740ff9
SHA1 ffb999c781161d9a694a841728995fda5b6da6d3
SHA256 ec137f9caebcea735a9386112cf68f78b92b6a5a38008ce6415485f565e5cf85
SHA512 0b18932b24c0257c80225c99be70c5125d2207f9b92681fd623870e7a62599a18fa46bcb5f2b4b01889be73aeb084e1b7e00a4968c699c7fdb3c083ef17a49f9

C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\LogProvider.dll

MD5 c63f6b6d4498f2ec95de15645c48e086
SHA1 29f71180feed44f023da9b119ba112f2e23e6a10
SHA256 56aca41c62c8d0d1b26db3a01ef6c2da4a6a51fc963eb28411f8f7f029f1bfde
SHA512 3a634340d8c66cbc1bef19f701d8bdb034449c28afecce4e8744d18181a20f85a17af3b66c8853cecb8be53f69ae73f85b70e45deac29debab084a25eb3c69dc

C:\Windows\Logs\DISM\dism.log

MD5 38aa5f20c6e6b0dac4ee531f80230acd
SHA1 49734c0fca522000f9258cd3c04fd606d4ecbc07
SHA256 76562d10270cde5c63526b27fbd8fae6e0eef43a94a3b91b87b1a2460c3d5369
SHA512 64ac18c55e7b285fa669729aa191d4fd1b1082e819d3049bf0231151b5777408a79bb5c37625f132bd19016acdd64078b259b1631609e4ffe3ab1f2b669207e9

C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\TransmogProvider.dll

MD5 c1c56a9c6ea636dbca49cfcc45a188c3
SHA1 d852e49978a08e662804bf3d7ec93d8f6401a174
SHA256 b20b3eb2df22998fd7f9ff6898ba707d6b8833a8274719a5e09d5148d868faaf
SHA512 f6db05e4644d734f81c2461e4ad49c4e81880c9e4beee13dbbda923360ef6cf4821fccd9040671b86ab2cd8c85fc313c951c1a69e4df14d94268753ce7ae5b2e

C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\ServicingCommon.dll

MD5 07231bdae9d15bfca7d97f571de3a521
SHA1 04aec0f1afcf7732bc4cd1f7aab36e460c325ba6
SHA256 be75afbbc30cad7235adf03dcc07fcee3c0c330c89b00e326ebbef2e57df5935
SHA512 2a46e0657e84481faf5c9d3de410884cb5c6e7b35039f5be04183cdac6c088cc42b12d0097e27836af14699e7815d794ca1cec80960833ab093b8dc6d44e2129

C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\ImagingProvider.dll

MD5 4c6d681704e3070df2a9d3f42d3a58a2
SHA1 a9f6286ac25f17b6b2acd1fce6459b0bc94c6c81
SHA256 f1bbab35b2602d04d096c8de060b2a5cf802499a937fd1ffe749ff7f54852137
SHA512 daa0c723312680256c24457162e0ef026b753ba267f3e2755f838e2864a163802c078d8668dd2c2064cb8887f4e382a73d6402a5533b6ac5c3cbf662ad83db86

C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\Ffuprovider.dll

MD5 a41b0e08419de4d9874893b813dccb5c
SHA1 2390e00f2c2bc9779e99a669193666688064ea77
SHA256 57ce7761531058f3c4289b1240bea6dc06355c9c4b4e88b9c9c0df8012edc5b3
SHA512 bd370e49da266148d50144c621f6415bdd5358e6274b1d471b8d4ee1888d93774331c3f75e6cb99782f1c8e772981cbc5a4baf5592c6400f340407dc670e547a

C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\EdgeProvider.dll

MD5 c22cc16103ee51ba59b765c6b449bddb
SHA1 b0683f837e1e44c46c9a050e0a3753893ece24ad
SHA256 eb68c7d48f78b46933acba617cf3b5fcb5b8695c8a29295a9fa075f36910825b
SHA512 2c382aaddeca4efda63162584c4a2338ffcc1f4828362ce7e927e0b39c470f1f66a7933ae2210d63afb5a2ae25412266fde2ee6bdb896c3c030bdc08b67ec54e

C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\UnattendProvider.dll

MD5 7c61284580a6bc4a4c9c92a39bd9ea08
SHA1 4579294e3f3b6c03b03b15c249b9cac66e730d2a
SHA256 3665872e68264bbf3827c2bf0cfa60124ea1d87912728f2fc3685dce32855cb8
SHA512 b30b89d0d5e065042811d6ff397d226877ff698aeb1153681692aedabe3730e2f3746ad9d70e3120e336552bab880644f9ead0c91a451197a8f0977a2126a0fe

C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\OfflineSetupProvider.dll

MD5 3437087e6819614a8d54c9bc59a23139
SHA1 ae84efe44b02bacdb9da876e18715100a18362be
SHA256 8b247665218f5151f0d19f59ea902a7c28f745d67a5d51b63b77242ffb4bdd74
SHA512 018e88f6c121dd4ecaceb44794e2fa7a44b52ddb22e7a5a30a332905e02065cbc1d1dcddc197676277b22f741195c1b7c4c185d328b096b6560b84e9749d6dde

C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\WimProvider.dll

MD5 bcf8735528bb89555fc687b1ed358844
SHA1 5ef5b24631d2f447c58b0973f61cb02118ae4adc
SHA256 78b742deddee8305ea06d77f296ad9fe0f4b4a27d71b34dcdff8ae199364790c
SHA512 8b2be4e9a4334a5fc7f7c58579c20974c9194b771f7a872fd8e411d79f45fc5b7657df4c57ad11acb915d5ea5d1f0583c8a981b2c05104e3303b3ee1469b93f5

C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\ProvProvider.dll

MD5 2ef388f7769205ca319630dd328dcef1
SHA1 6dc9ed84e72af4d3e7793c07cfb244626470f3b6
SHA256 4915b0c9cd8dc8a29dd649739974d244f9105dc58725f1da0d592af3b546e2bf
SHA512 b465917424dd98125d080c135c7e222a9485ed7ec89004f9a70e335b800e5b9419fbc932c8069bae9ff126494174cf48e2790030dd22aa2d75b7b9d8ccff752b

C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\Vhdprovider.dll

MD5 8a655555544b2915b5d8676cbf3d77ab
SHA1 5a7529f8a6d50d3f4e13b2e3a0585f08eb0511a2
SHA256 d3a2dd7d47bfbb3897b927d1b7230b5b12e5fd7315d687458de15fbb08fb7e27
SHA512 c6da649ae3c3688065b37bccfb5525ade25ba7bc3b163ad7d61f3b3d1c4957c8fd6c9f2bf23b0dbc4fffe32e980acb5a5d3895b8a012c5ed086e3e38caee2e93

C:\Windows\Logs\DISM\dism.log

MD5 39fea68b2ef2dad7d170c2651e2e9228
SHA1 79d281de2a1517ad781545a15d65618067b88909
SHA256 119d14c146c1755c9c1618d1b8026b4dde0ee00a831c88ca6174d2aad492fff6
SHA512 21b12798adba1132237edcdd8393b8791dd409e029f31e648c9c193850bade9878f1af5c915fb02c0c3c642b96471cb8b7eb6ce951068c484f543ad806e6d5f6

memory/3708-1281-0x0000019DB6130000-0x0000019DB6156000-memory.dmp

memory/3708-1280-0x0000019D9D7F0000-0x0000019D9D7FA000-memory.dmp

memory/3708-1279-0x0000019DB60A0000-0x0000019DB60BC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 02a4b762e84a74f9ee8a7d8ddd34fedb
SHA1 4a870e3bd7fd56235062789d780610f95e3b8785
SHA256 366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da
SHA512 19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0291e93d-5e8a-42ca-bdd0-74837f2758a9.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 826c7cac03e3ae47bfe2a7e50281605e
SHA1 100fbea3e078edec43db48c3312fbbf83f11fca0
SHA256 239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab
SHA512 a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2bef0052b33414424f380aa39a1d1989
SHA1 d676a8bc5f804b77b010ae21ad30067251d5f79b
SHA256 92af44067157e4d90c57eaa8aa6cbf5a680edb7d7fa3c47a2a50bba25d27e58b
SHA512 4803847bc83ed8e3a0a19f7a30405bd4bafa9e5d2bb15cd11f10b9e74b9fb83d9956bfec1b9ae5093dac5a84ad60114275808ab1669cdd76cb24f93b336a81be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3fc4689ada1e5dd24e4d5f9224c54300
SHA1 4765296779b2ce258e4043b7a65a84c9ff076c08
SHA256 47b1fa930d2368630628845546015569ab07560d2a1f18cb6903635769f414ed
SHA512 1709798fc47ae4f252f195b75da7d6e3d1ab93c8dbc2661e6c63aaf2c8cab66c9bc70ad1d01d766fc260e8a8d6e0700a612cdb99f82b0b1d0d6673b0a15b063b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 05f80a840e35e61a05832b33d8552a1e
SHA1 9eea718d08883bcf229a03d865752ff2f81c64e3
SHA256 0693f5bbaa02c336bbbb5404f7765fbb71177b00506196b790c5e4e4d110da42
SHA512 25c48740f5517df4081247f11870c8ab745099db2b46f8541f3dd105edd39361ef1d5ef20a1f01beea8954b2075793c8a6ef448f781b1e406656b78f5336547e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b6e1551464141c18f085ff4a6e8bee15
SHA1 039ec443e400a75a6f791d51696bf1ec56648533
SHA256 1d629cfdc32cef3569df88266e333eeb6b47e15c5db110ec1ea9481692024806
SHA512 a0f121e700b48518d1a33f1e8f81ab51af903c28aebe38c9f65b5799bc34a4d30523606a262b0dda9b7cb0cb5b497920abe5417ec2af456ba91220b0b044b03d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 cc1db319db6494c9f2f5781ea54ef3e6
SHA1 c013d78e636f104fdc81e2777ee4f35aed65aff6
SHA256 5bfafa93c8e62743f5f4cfe7989cd183504ecc5de4bd36cb8b4308205637858c
SHA512 daf7e6fa5babbcc649af0bc3e44fc9a7d87c7a9c9d99a49e004401aaac612163903882a80b732c7e35938cf78abfc5499507c36a33f4a37035f9ec0ed79ac10e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 86235b5a657c7552bc3756e084e5e446
SHA1 e1eab22f8110f03152c78e03fa19347b417507e4
SHA256 1b850c834606bdc26fa5ec11f0b132231655cf1db24a8bc6e71a98346b3b0d33
SHA512 a4ecf9d08a29cb372148beff4e4ece969b5a78713d5e36750231862658a5d0f4287cebf1ab67f74d0459f00f95ffed3961762d4fb603462e41d191616e7517eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 01451050468e94373d45a5808a86d6a5
SHA1 adfe94988a7fb026776d5ed95a8199536a9da911
SHA256 30ec92905e2705875ee6668c761f9f0fb4b5e1e67af42fdec513f847b4dfe229
SHA512 44a3230da39bfcbd2ddc5de94cdbd97c6249b65720f6f8b2515a3dc4ce142220b0758e8dc490451323569bbf9090fee97157493aa08d8329d7b123c82cdae12f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ba91cd4ddf8e3d35841d63d76f9273e4
SHA1 73cbf563839184985f8d8744dcb5d08812afaebf
SHA256 3e18910ebfc4a2c0abaafa593b2184147bcdbdc0aa4f3a92cd72323c0834d411
SHA512 406f14baa7859804d0aef20fc70bdd450b961898de0243d7924460634d9e91b8960a1883c4c956aa7686bd87146d4c155e70c69c2bbca5d43dc1c3fe2fb6722b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fe8304596858c3e839c02481d6546259
SHA1 dd0d686da46f3bb0c9945d3e69bb3182c88d6d7c
SHA256 03ba521a9d5c0f0351d64c9ed393f59b72ff339717409d6663bda0fe9b5210f5
SHA512 fa107ffa198dcd101065596b1d17f18f0b9612a691d6427a0cb7f27665a45cda8eb11672d4e8d3120e752b75e6fa5bd91c00f85eb49616beb28d99c564f44643

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c4d3f1278d890f7e9e9f4214319c73e0
SHA1 c0320b0733f838c3b5592d050e29711d7ca431b6
SHA256 ba6af667b4f548dda26087dbb447e9e8d90f1a16e7d859b396f9c9bea44242c4
SHA512 acb649008557b3173ff108a03d2175c806218533c3e885032e3e6d88ce04e25a4a76e2c161af348405bb651276a8a407b2c9ffff83f1548e4a6bbaed17e16856

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 13a6af0d3b2ef210995717a9fa1d3820
SHA1 3b8ca7d2dc19bca101636dad0b3941716095d64d
SHA256 f3cfa6bbe1860dfc8a2a90cedc9f8d8dce121c559a0041fdf25363117b38f2e9
SHA512 af6125ed08a9e9a9a0607ca8c3809541c9e79d75624768112a078b3f17ecf6d540ee8197e641343dfe07556b8266554d1a598d00728516dd85a3b573fac4faeb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fd221380f1161fb70c9a0c6bc8375645
SHA1 3a5dae65f7913fdc7326b2113c4cfd127fee29ff
SHA256 1c2e43efc6fa17d44ccbf973b255cfb263aa72e05250ad30f7926157d6806aba
SHA512 c5b0738dbb5adb16882f6b36194732fcf2372af558d9ca782f463524026b8c35a32306be2518e8b2a55a232fda1fe5875e009a1ca6d46d99146a383778b590e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 79e90b79849ab24f7077995c4e45f1d5
SHA1 3dae744f25bcaa1b690d61b789a8b1e58a790953
SHA256 3d2a7a2b6c89618f30d26fd5dac9ff7d52d6cf1d3651fd7aaa1d1229464b1507
SHA512 6169379e245102bc4b1ff74bc2c7cf356f24fdef55e5f3f8a7323da36f6ca92f1ec38bf230cacecc89c33e12e1b201de417a570a998f31cb281bed3ae8f8deb1

C:\Users\Admin\AppData\Local\Temp\scoped_dir2772_288494346\CRX_INSTALL\manifest.json

MD5 2d15a6576d5d85222f9f367c286205d5
SHA1 a51fccba42570f45a57b3e3951da75eb553eeb81
SHA256 31e923ef15ac783399d5a4ca5c67e96342cf7f18437843e2a3f55b551c6dbce6
SHA512 92217626f79111b1329a3c91ac4923354aa8fc31fd7ba7428a256e9acb35825d6ea28fde02b4ae44914adf359b3dd11d16f274040dd8e675f2aba66139b52661

C:\Users\Admin\AppData\Local\Temp\scoped_dir2772_288494346\CRX_INSTALL\_locales\en_CA\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ea6f2764dc7249e222c04e3a90f6811f
SHA1 2c361f8f93bc279182e683da75a0aa7930633088
SHA256 0c382208d22f3c15e0452c2f891cab74abd6b0bb936c5d03929c65d550319c37
SHA512 95cd79c1932c19a791d8a5692c2604f156fcf8ffd091ed69979a1e5cfa8c4ee2956b2af1c064991f778f88a8e8751474313d340f2f2898d8483165656727da0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7f954459f84b3c92d3e71bdf8d0df094
SHA1 5247b2ba0233b5c0beeb88af9310b09b922e146c
SHA256 6653e795673d0da3f0751711673f749e1a195721579c1390f3bc7d6193632e7f
SHA512 eca90c4c44074da0542f7b5ab4c78a5448a3ea2d39c7d5d7f670dcfed6dafdde9ca7ec2fc2116a0bb94b59c20cba5eaa053a9789c7135b1df9d9c758934a3419

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dbe74add18c97d938adc89fda801991f
SHA1 bd2db054387be26b86310e402d597095b17534e3
SHA256 f4335287747e90c48fb6c9859c7eaabc05d1530b74428a0aeea3ba078236e77f
SHA512 81cfda8902b848d2e2b8adebaffa140bb5bb23305c92b0aa7c7b1397793191bf22f66a623be40c9da2e65ebc575ce6c7009dde85a51f71916aacc773806380ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 596958fdf8e4274b5a7b357ba777344c
SHA1 3df8a6e0afbfe14505847026cd14e3b6c49030aa
SHA256 ede5839fab2a7c66fb553d88f379dd2ac1e743badf4e725034ea9ed7acaf536e
SHA512 d21c42c4d4fe2279392831abe5ae64c1856569b9206e0429e337ef4af668fb9b09f82f2ba5d99d3b245c5ab16e5695d91078ba89c13fd690ba0f6dbba30dbce1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b27c1f843bd8b66f9a682d2af3315a31
SHA1 de6c06543f934a721237627323da62fff554fbca
SHA256 e735b8207361ed9bdf6eae699e991bfc242e6eba7d468a7be2e7c38232840f33
SHA512 64e2c2ebed5c4aba79e32c2bc1cf3eb2e18f53bd5f1c82c848ceeeaab5533d3b2d2c36ab9f95c548c48e740dd69e5e97e3e6a9f5c44ed19d281884fd7133a82c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c01ee4135cc3f61b3e7832490ac953c3
SHA1 8106be84012235ccd5db914adcd5a477e5f2fbe9
SHA256 42530220a30658c872fca637a7bd62dd0f56f37a5bf608673cc86fcd2d6e812b
SHA512 75b276597f1304f72b52d4b85c30ac6bf00f50b4194f76515eb3061a904fc1664bdbe6ad22abaa8fd1bae200b7cd2f892bd807535d1b8f27accd946bcc3738b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 167ffcc7b53754cf4e6bcf6dafa0453c
SHA1 799f22d916bf0c287decf440ee4cfccaf7d4ce4a
SHA256 4d23f2a3c38622163860e3445ee21cfb7a3be8571d6c4aeadd4b41d7c009d0c5
SHA512 df99019b7d7a0937281055754be3d24102682101033c64ed1bb3e77b5ee20fcb68b8638cbcbfbbbd2444cdb5e438603f6b9460744c9aa177e35e597cc018f079

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

MD5 e8c95f96a1ace513eb655ed4c8cbd2bb
SHA1 097040c1cf2b509dee77be6dfa358bc07efaeb4a
SHA256 52948a7cfed4f861063f1b3ecbb3cc7de35a0ff8dd9841fd27cbbf88ddc01e10
SHA512 d35d012c8ee924d78690ef4c4e739528d6871886d70ca351a1e003366fce81fa13619936f11ddf9bba096da8ef1cab766d2fbfa608e7d44c51255dca8107bc2f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d9abba141699137af73ca6dc3387a4e9
SHA1 4c1cf7c8d826938a9a1c72cc31c5826b4fd8bab1
SHA256 40f590fa4b5c9c57176e298e470c100d2d5eb2b57be6f948e678dbd19cba642b
SHA512 ff67ec2c85549090ca672bbfc71e929029ed5b36f30887a9484bdaeaf12da32326472a49964d34963c9126c0fa3c0bab81224f5d9536cc5ce85762f02d731df0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 19d7cbd9e6115f3afe70539ae3abc9eb
SHA1 70dc69a582ef6e63ac63abbf3872d5cf16dcbf2d
SHA256 0053fa8af248de5ce1b22a365413088d1ed4e05d7f0441aac3eef1681c5aa870
SHA512 8cb8cef604a384f256db0f8b5dc363be847e8e85c35577072b855f70168ba0ca74d9ad253f01a9ef39004402a8716a14148ea101fe240e3bdee714ee3d0ba9e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b2cb02f9e5919e89d5a7edae67e6c418
SHA1 0f5386be8f93a98961f5edcaf59bb2edb06026e1
SHA256 115b455a413869829fa44e1c22ea31cc80b022d7e1b426b9b0c13227a6da3587
SHA512 1fc4aba6702c1d071279e2c7f218f8bbf4b809bb8f3f14bead1df72c5aa672ad0127779e192992bdc51520384fdcf04c4cdcedb6302e33d02b0ca6b81365ae88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 35a4e6111fedc020fa98de7cd725584d
SHA1 f642aa4bbb906517fdfbb5fac1e86be3b0b031c4
SHA256 fc3198529801b645c9b8d114fc29789ac9ab5e6f5db54e5508fd3f560549046c
SHA512 0d56347b2fd4fd8dcac68b27283060c3eddd26f6829402a724ff26f01937cae92d3956d1be189495c42e546dd172c4fa64cb547717328a1ce8241e43ea8f31cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

MD5 2681b2ff3f6e8c46f69f0e10f98de946
SHA1 79cc433d1c8c9b5e77ff36daef581a64ec9f166a
SHA256 c2577e85856476dac402b5900f4e4c65db3b9b4158ad2ee14c47a33b045964c7
SHA512 f89a756d88e0713240cd2e4029e1d102f6788fc2c17ba82bec11235df63db288616b4ec00d216030a4f87a767c18f2d8a9e8a0098324101f189c247deac5ba35

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.whatismyip.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e558177f8db0e6fe56eadf27108c5b63
SHA1 3d8c946b6cee475b59fe8afb7525322cf5e35c85
SHA256 536ff838ccdf0afbeef24a6b48d6940a7edb4467ada377d7e5b0ab31f3b5fc3a
SHA512 a03923c5234e4c73c29926c1df27a5e5b366cfdbad30af41d156be82beb0b72e8b2f1b77051000d9eede3b9be88e3be7dcba5158f3812e752995b1566b98bec9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 784c3424ee126eb0f4877e2bf017659f
SHA1 cc917a7720f5764ff50b0ae45f42f4fb09805682
SHA256 9aa4c6d2f54cfb1cc0f4167475f115e488307439b9dd48788f94a3d0129de0e4
SHA512 c959862bb3229c229c132443c9a86d5574fce66457ef874b13e7c223346b8a8c9fdac9a60a438ee23a229edd594acf34dd5b49532b702618b5bf58a18a4e499b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b

MD5 e3360c4c637a600750a0cee0c1dd3e02
SHA1 7dbc50b073509b8ca1642fbf0764bd0a5e8b46ef
SHA256 60c6994d0c4ba91c15cd866bdf5a871cd29dc8f523b86ec04c5ccff105760240
SHA512 aaf601f2302c8acb91d3d59cfd72b64010a29130dd4000f12926fab37454ab2a9d5f366b14a3ff6629615b96118517c505b4017c956e540dc4b5c3a9f4efe46e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1ad3b895d15c3bdba997dddf1dfa3af8
SHA1 690a7728e98cf41c6f9a8106c74287017cd4a9cd
SHA256 7a90caa805a5a68377dc506535573e3cd0681c4a2b6319955db9beb5daf91bcf
SHA512 9f8211d5d97face6fe7b6d503ff24bca3612750fe11fac54d5bc8caa472bdfe3d374c8f1618fb9dc8f56f54d6db179c2d2ca67137e5b7383cd1b5bcc4c00c01f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

MD5 8fac76b62e43e540eae96c1330d4d988
SHA1 da7c85d68b5ba627926ed856f3d39814ed9d3a69
SHA256 824427ad4e2e3a505e20b51f043c9725f0db309bff13158bf1789645853ab8c4
SHA512 caad8f502753902b13bd8ee499e3c0cc24205b6525f46f5bc0a0e20ddc75239a39a5f3612fd36cab7216179f23a7cf911168869595b2756b0efd1de1e7b2eda7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

MD5 49295de6ccd23cf80b6418a2d209868f
SHA1 42a955b4560bb22cb9b5b39577f7a691ea345018
SHA256 d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
SHA512 2954ab185fd84a08933bb6e79d91e301021fce4e632b477e765c172cacf72913561e101ed2f7e66bfbdc5946b35f2b63eb2b6f878e0afc9d26ffe71ee112a1c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

MD5 abaffb0b249aa0f4bd6c503219aedb83
SHA1 5869304e7d3b66b3b55ba658c092ea8643fe00ea
SHA256 07b15d45ead616b938d56cd2e6ce41eb25af0dbc8734cb51e3852aea58206149
SHA512 fcdc4cc92a2771b62d88ecc1a8bdeff60c26f9659596fffafc1d28d930b572c773f9a4af06a5988a941b22a7fb7960930827ddafa3c4cfc32a6f93f391c5a950

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6188506c8fa221fe82b6ff2e2455ca71
SHA1 796fb6691ee25b4fabe0a105ce730d9dc4d4b171
SHA256 a953525e3be4674aa40da54ce75a97699112abbec08b9e9fc6faf2a874d4ec36
SHA512 0fcefd41243e2b95d4630c4ec8a7ed35057dac998a9134b91fe6e5f98334ab66bbd16e8d1599a1f6080403b05d4ef14c303fc34fa54f86e841b3ae5b9dfad4c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005f

MD5 4d8b471a2271ac4e3b5d25b5683964d0
SHA1 67b52c3bfabc09bc4f99d259de43213dfebbb5c8
SHA256 d0947470db9c332a7e6abf959a45cbdaa82e6e032e325c512cc9a3cd32dbae65
SHA512 d734faac61756e2fc07821704a9ebc5c5a0e7a7dec601b3c8ac4ad6b1cec59cd6446f38e4df41f9c51cf5a45bc7c6241801fa945023bec1a735c0bf450a0c0f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7077d9a5f8093ed97f3887de64b13fd2
SHA1 f4ec48bbe6b24ab17f57b59791805b3b31e004bc
SHA256 8eff576c8ead61b5ebea47b7f7534507ae07b33310541897d6e10c479e6988b9
SHA512 381b0c2f24911aac6742b54f26c1d773567223a3db694a2286e77f883942266791cea37730350699361c0cccac021fd15af7bb6aef24a381e00e4e8558da95d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fc73ed469d22892b_0

MD5 76473b623f324efc19cddcda6693a5b2
SHA1 3271bae603ce8ea7ff1ebcb133d0867283d49f76
SHA256 6cd28f55a2dc128f212ef76458481da05302c4603737b13d14a4a853665f9993
SHA512 5b060996f487ba57644995100c371ac3101bf328804ac7b6b7a5d1c0acaa0421c4e3582834759b256a2fd0b42e99dbff37681307fc438481075cc833cc794123

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a5d59e4e342ea6de_0

MD5 068ecc29789c78e37844d43b5987218e
SHA1 a4b42186e38a8e1fe99bcf6b7b57668976d93e0a
SHA256 525268c1f5039030e26da7046992d9374bacfb845083dd80b52b16f177aed3e0
SHA512 8666da713bcf09b355b1e7e68a70c03382212e3e127b8f5288cf93ed77ab12b858d739a1c9027bd89f5b7865aca2bdcd04b8787a1e14bb25c918c0f8e6c4f6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1e089ee9d67de658_0

MD5 24f0e1575555f8f9dc194d172dbf1239
SHA1 49883f345a5c2ed6a0a2adacd17d06bf21dcd85d
SHA256 fe855bdc3af73602f4636e21f3023e33d7ed33dc47d85c7b9571c027902db1ce
SHA512 3a50edcf7310c873ffd61cb3ca1a807dfe2dcbc2d7aa49e00ed378dbb85a440fcb860db2fc2adf3da4a99da71c2bb6241928182f0251db73a209c4a274817ca0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

MD5 eeb20ee0ad162f188c6f0df3625b7e6b
SHA1 1e72a860efe205c4273e0261c61716106cee19bb
SHA256 d9a36c5fc9108765c77e3a654ae31b7f1e75388a5a2a18ff5c9dabb7da1ca52b
SHA512 b383ce3740ea009987c3b13596eb402202ccf370e66b1ae44d7d2fd0d3c4215184958c1e9169959f2317cdb3557f12fe858e6c09c665b645a981662bac0beda4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8120fe4b941eb2a8c566dc98f858bef7
SHA1 0f2ad1f63f6f586e9c566a8e2a52c24defe340d1
SHA256 e97b71525325265c4265a9e816f80ceef69443c09c7af94e764cbca5dea20800
SHA512 c46f64c54167af9500e709ce658f6acb3699691e4e9a02331c6069dc387299b20191e400d1d3cea08da610449293512b931faf48d86055733cdeec66fe44477a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\34951a4b7e0c8197_0

MD5 f0d4f8cc92a0c557816a0b15ed84d3f8
SHA1 f53869ed86bd6eaf00c54ae14aadfe5d8008807b
SHA256 544c6dd5febe6e24559756b6e81eb700e12431e867b407b8d2a6a9dcbb831144
SHA512 bd8dc5008026782c061ce18e6536a3f32da7d9a132ae2a41d0dbaa91d63a123a2e131a2a876b3c6c9dacc6dd1b2ea75ef93c159c450d1f31ec241493897f05f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

MD5 d3d71879529d7499ff1c58ab448640bf
SHA1 6a5190136344c0d18f40e7aa66f743345acf2a08
SHA256 f2b28dd3bf823579341040436d5543e261d70fc4d1ef2c28ce9e281c545b3ff0
SHA512 3bf45c5058223cbbbc6d9e4013450dafe5802948695df5831c317740c2c382a564d9163b9f4b599930b81f0626e30c6dc318aa0fdee49b89cce47300d27a1bf9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 19255476c6b37386b92e433532aa1a93
SHA1 8ac3aa73978dde857207c393429342b73efbc1ee
SHA256 a00c5a86e90cc2bbc00a56f29b3eeda2b9fcd99a1aea0f4f956d0d6a599e7098
SHA512 9b98f03b2666f818438f9aba95e50feb09f1383ecbc2246c2972db392ff5f7f6bdf14b949337375b2bd5bd107549d873a6f8979489f8120691e8b9bcd825b4bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 98109c8a79467a55cf6c6fd1bac4199d
SHA1 b2d46508c66fbe1eecca2fb6baa7d4dcb2ebe044
SHA256 7b21487bc214fc56ef65ff555f3b52268e00c53b169940603aa06dd98c58c244
SHA512 c4f5c497beeb1246ca347632f69dfc5e9631e0e4c8abab30ddf1b62a8cd7022ad894b001081c96a6fc1d9e2fc2e65181e7a858b30ffeb2a315860b91a9a20763

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 df25212ff83099c37951e7c352829724
SHA1 6b777b9ea597ccc946248709019a16cb4d138bf4
SHA256 00966ae5b712b1affe9a60a7e38b2fd6652e7b2da4a43e930e1712a0ced8e3a8
SHA512 31a4e3b18b74e569ead8faefdd03f07b51b02009ca19d9541640ad9f42a67d4b7c53cdd32d99f312ab91fe76ef3204624e4d8ec9bc64c42d30d6180afe84ac19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1a47e414ca2411b9086deee66a35a954
SHA1 7ac9eb24e7407d6976929b6826bde17ad3a4ec1a
SHA256 a09afc3c3fcb19d60866d1e5f757681e0795768585f9d5fb942fcae4dfafc857
SHA512 8fc1eb9e3c844afa90ca1f573923bba1d1c9b91c4ebef90ce001b92a914dac29f39ea6c44420b3eee82f7a7b6b56e3b10c6065f636cd644baddecc1fd55bb23f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 87c2b09a983584b04a63f3ff44064d64
SHA1 8796d5ef1ad1196309ef582cecef3ab95db27043
SHA256 d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
SHA512 df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 dbbff6f4adbb2716977f84db049e50b7
SHA1 a645e2dbab0cb70e0c14f04c85c5e89f4b814c5f
SHA256 2d2d525301b8fd28b01b857a782b3b13587cb028f0f5f00e24e285a97fbb01ad
SHA512 c63af3f49a4828feda6f55a5a6635b01626b7d0b96a2234d94392a936231c1e21ed30e7ef5ecb836e69239c245b4884277e11a02dfde13c191a371fe2a41ec1d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 e8791a6b33e070194ffa8a2fdc755f4b
SHA1 588340556639c7fb10a873c5e03d71d172cdd5c1
SHA256 4a7fa79da9f65b29d66f4052d720fcf40d0eb69dcef69b6a0fc45c7fc761083a
SHA512 2c010a1ab774e717e03261112e14f78087119220ab7d65896ded1aa072e1b835f7804e5f335ff7f9ea97dc9088db9c27d0ecde3d5ca407736ababb9f29243765

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 3d1eb8fefccc0d370769ee6bfcff532f
SHA1 65ba9ac9716f0da39d4b9b147921536eb5595c81
SHA256 adc5929b1fbea1bb2e47bba2564eea612d29f670ad972335235fab730f2678f1
SHA512 2849eaea1d3924ed1ee74445a6818c77765d018373089c825b6112c22dc62c20df46a4da7df6d3b8d6c29393a6758d47abcaac791a6132ae39597e967dc61e8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3282475a54fdbadf_0

MD5 99daf5c9f5ebad9dabdb4377e7a45992
SHA1 919784e7d189be453e96b780fb168b16b01ad5d8
SHA256 193dbb44f8f842e69ba43afd2fd89e7018fca7fc5c19f48b32c4931f80d666f8
SHA512 2a43688c86b933056f50d3b4adc38403c8f20e4cbc9052028d2acadf5a3f55559923de2508e1634b67e0ff94261cd9095684a98a1786057e323aa3c85da67c86

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6b33d2b797250298_0

MD5 a3f42ef3c54aaf8acfc73281dc7f67ba
SHA1 50ef1da05a57d016794f40664d3cdee8a62282e2
SHA256 a7423e2990c2d4a840c5661d3516745341e36dd5738424e652f3fb53fc24aef3
SHA512 a64200ef6058a12b834c9e5bc5a228d68822a01c35df6a4a460b41291a2b97e3883c38406a53e37ced0fef18c18b72195290c13e7accc21041d5a8aa9fa12248

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 579ada1492f24b726ea0bb62b4d0270e
SHA1 19de96ba220ee1669d06e3589dc262da96eb4356
SHA256 63e6a24c1b982c27fecf9c57c3a469ca436e9bcedd8f181f7617b775321226e5
SHA512 a5988a823d0b09d89b5ec70429c2766bea40e3537e4e56dae454d85417d46eb97a8d0cb38c2e07013cae9b3d9011b48486c53996a7c5e647a8174057ee7fc05b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e0143b86f028dad56ded35537c8d6d6f
SHA1 50407775c6d39f5fa7815513f51a69e2a5538dda
SHA256 b04939e3d0800367465bbc1e016e8c0aa7a0c844c6fba9489b477fb22218feaf
SHA512 ba8aff1f915ee6e509a293f931dab61e3b73e4ac2510be952705b2488a520bb887207d9fa06cb94574bc9cc4ed41afc1f2aeb0adb464ed621c9935c9e2b59b9e

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a498aa1e1013048fb7498fe739006e94
SHA1 b2684a3e0e9edcf8007c51725af6deedc7e0dc50
SHA256 d4a243c3572d7e070e28faeae2ddb260903170a3ac79a5e3c388385654d1c343
SHA512 87f4e6880d7b7c9d4abca536823b6d72f85ae87f6fe9dba12a798d8bdac6e734b13fabfe257197c078f0547abf0c09e187cefa50285b67946ca29ba16489ff3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 08ad7376db50534abe2a4551da310061
SHA1 8dea481f07aab0e731bd4ecf5fce154469797421
SHA256 143ded3cea1d92d2f242a14bcd5ee4416e5b8e5f1316d14e20e348a234ff8641
SHA512 ad1dd3f859ac65d61e12abd086c6e6294f4904f687a8a2f1560d78b36fdf38eaa7516f6d759fd91819a2a2e32f70b2472c8377e6788d6a807724df8012f2ca96

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d44419dc1fbec646c58a02999c1a4ee3
SHA1 69712b0010e39db0b1aa4ea58be4791d25279aaa
SHA256 cde510b4624d5fe8ceb72900547c53291b0a4513ad8825bed4469254e43e526d
SHA512 163904e3deafd12278edddb5369b665b29933dab83f525d643841e74570639439a308cea7516c989bd00d4af5142428d110dcd1d5061f44f26c8e0f6e3581f24

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dbb36a98d3e0b8a7fe1db37c696bed6a
SHA1 b05d646a42dcbb6ca3027d0b368e7f0006c25c1a
SHA256 de50cd588c5055260f76e77b4e6add06bd13a42dfee47ba3aac11c2a1091262e
SHA512 943fee068dd5a0e0dd23d26070ad7291c748441452c6c2a7ab95107fcdfce872c2136079249217d3cf695c201a67be2091b5c01d9bfd547d5b07c26958865439

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9592f179a5a637fcc1989864a67a39ae
SHA1 e26de0b952ed5bb9f7e4dd7004251f6a9f5ffe9b
SHA256 fa2847570cd17d3b8fbdf7273f86fe68c197e7fc9d049e418cc80d519ba84ffb
SHA512 dcab447f4a425a61eb38279ca08a250e8d1821e7cf704197e23a3e28eadfd0727bd66d033222841510ec55e8a9f29b6006636ea32ce6ebbba57407b167335c64

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6c0449a84afbdff825d09beeea1476f0
SHA1 2499ba2991d97a9dcc4e3bc52ac3cd694fad8d00
SHA256 0157c08323d8110d87423abc61f9d41c2a239b834b342a0e73e693fa45e0cec2
SHA512 443f30fd4d8996dbba7fac59f1f2f3323655a76a4cb02a7e0dcc69b833c5fb324a1c4d82a99926068244626a105428639ae35f6b445106aecbce974cec577118

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f1790f6b46c89a9ddcc55eb02ce92ec9
SHA1 655e49be161a41369467d8c373aeab601d4bb0ad
SHA256 522a5387f114bad26440b1a9557a90d504d584a4617e1543f1e631041a500e9b
SHA512 7a73092fc0bb2dad3945c634ca3f2408dd1f564ee8829fa2fc11800630f37a37a15a99c4b176703d09524367c670115f8865c80a27077a70a0bd58efab9ec19c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 a3f2b7bf98005987e0e5a4a714277651
SHA1 958b042e20529413f567850aba3368801c5920d9
SHA256 9153819d6331b59f57a094f165c64ac9d82c166eeb037a24fbdbd69932f85b33
SHA512 6c7dbedd9121f1313495b85e838d205768dc66d775feba993b06663d707308021565e1ed0cf8da00003a22924364baa85752f2b6aeb3f65f3c0b18e6917432b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 852384257ae78f980c94fd8f2dbabd55
SHA1 5b66fc0554029f738948d3537afb0ed41d6b9cb6
SHA256 c6a55cc9aaea09a4dd198749e0a9035a8c5aea527d8bb4d1061509f9aa540c88
SHA512 136050606fd17996e2b0132b8676773df1c079c329da29f3bab850be144a206f7b625213f8a25cab341d85b552cc5da59e1a8c82526706f2e474bd2d6d48e667

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0e93e7512116ce49f7f820042b99c3ad
SHA1 f1b72d84dcece8cc04969496bc0711ea6e607c94
SHA256 9765b864ff6e4abbea09945e05fc44512f7e72ee5f2e5aefe60e7673a43ec6b9
SHA512 16d6a6c52d472fe4ef01bf6d92aedbe513d1e695dc1163016160a464489e3298ed6c31b70b3f992a5b1b1f452c815dd6855b190525b17a006630c4be19f9a59a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4b03c6e577b5e72682a43606687660ed
SHA1 782cf402fad288f1be4a7326544c729985445525
SHA256 157adbd2c23e451e6d081b659978ea260b89fa3ebf014ae600dcb8910915cefe
SHA512 505701e87fae8964be22f455a82ec38ea328e964bf5494579a8649bb3150d18092deaea29b378d98377e6bb7db4a5e66e9c77d46adb1f6f001287a3d36c03e7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 37f6e8f609db96641125d09a16bf331c
SHA1 b41063bffeaa837e406e096153d3258f24b7e6c6
SHA256 0d2e027d2d2cc0594dd146c0c7bb665a89ed280f5fdc7ec6a4585ee4dfa51a48
SHA512 86c744d9c607ec2fa062f99f30389ff41e210cf4275d724620d8ab5b050be2138966543f0a653982a4f3dc2b93a241ffdf9f7117e48d4b6b99ec87b870bff73c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e3633092c9b01596625d12c070bc68ac
SHA1 ebedaf2b8f5f8b2fc3f71b32a29a7de31eb588de
SHA256 aee05ba1b3644705ab55d97732391e9995e48be126bf31001d89d4367432f977
SHA512 02b666e4786e83e65e25f4e46a2a0828997e9168392b440cbb60d683cb2e958e8da3061d99f6b17ac473989e1130ae2d7dbc84b76f11bd13c04d845e9762f710

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1ed42327e7b65b7e47f65cb6063e3187
SHA1 3402175aaffd4aed32b762ffd298c6c8c247ab86
SHA256 92913a3303068e5197fe4e4f58f2caa114a36107cba9041efd73fd514f17eeaf
SHA512 a747bffc34a600d365ea689b3f4b0a888a5c4101fb9a00ac48114220bfd1f6fb543b940d68b36c1ae8c024cd88667a8dcae64d94f68880004e1f21c42903697a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6ac98abd38ef1a7532dec87b81ba33b4
SHA1 33f980fcb81ad9deaa598794ea22120570f8f948
SHA256 fb15b0b57eccda9b61c396c5c906e4490fa8e59e25dc6e45a421aff9d932dbcc
SHA512 ee9f6dd29b595ff07ced850494247b23321842a25e3fefe44bf8c9dbd7d3409d5e5fee15038ce5c6c5de5883183844385768548645c2d9602b105574b7569cc2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f2333eee0e831d9f6bec45ad772a377b
SHA1 62098bbc157450ec710995e3a0cad4f61d5955de
SHA256 07fcfff54d59347dc495375c92be32020c06992c51e545e3bdaa286568f15f13
SHA512 112f79de23613e2190ab10cd2f0bcd520cdba1e28ab2747c39d66b187b96b89f182c0cbefc22e4ad183f06b64dce1e3f61e3891b0439a0d4019133003f0d52d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

MD5 9a36e47b062c2a7cc98b2c7c60423338
SHA1 a981b814d5b10e4dc0ab86fff926c960f19d756f
SHA256 cd85f4762e736ff87d7184e4a146149df68c9b646be1841aab202e55ccad499e
SHA512 8e4f25e2e4af4a3317e94eb97c580008ac622ba7110f3716e09a15647793921912ce57436c31dd48578185b6cd00edb975a49a21d1684420b07cb98c0f2902ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000093

MD5 893866ac13017d7d75677eefa97b14d2
SHA1 3c1f0eb8daa12906f0cee4862392e591b1bca065
SHA256 e461f2e117e2fadd8d3214cfd848323397b0c9a001351421ddca8b08fae7677c
SHA512 842769e9bc34e900408fe7600f6e0f018a7fccfac0099be72c7319e9f0368ae26a2213905d138332d2daf507f4888f8991ed2154a7adc3ed41b24ebb36a94e35

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b9a1f91e27e07209_0

MD5 59407542a5d2330e40c8f24b196825c7
SHA1 606ba2f2551d2ef92618b29954cbebe6017bdcef
SHA256 b8acbbca85f487afb5f6a73c41d75ad2fcba08ca059f5e1f5f67beb3970235fb
SHA512 ed178a1bf3f1530e2bcaa78287bb42d20fd61997edfe50b5bfed4aa9cd0e6d7d54b8d8857b2085e51b4f924ca2cc38e419db2322d494561684b6c8af442211ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\336a68eaaf209f48_0

MD5 a1ffac1e86bc4012a6d9fffb9d7b34f4
SHA1 8cb227c2b76016530b92bf4ea4249858a7952fb1
SHA256 f0f314d56a5847c40354d5c85072ae48fd29de76376a810152d9344418a05a4a
SHA512 68ddc5396adc9cccead975f13a2fdd93ffd7da8bea756ccda4019abf69614fe0b29fcfa676a85c329006b8459d64622b79bcbb220d74cfbe74b396196a2de20c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

MD5 9c6b5ce6b3452e98573e6409c34dd73c
SHA1 de607fadef62e36945a409a838eb8fc36d819b42
SHA256 cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
SHA512 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 67c53202110f4b7a5c46bcbbc4c01c2c
SHA1 6c7a27ab492d3ff526647b36313c095a0fd0e77c
SHA256 aff9a0613ba1dc962f524771370e063ef6fa0f45ad41a075fe077166126a9200
SHA512 f0eb0ab14fc43320cd844d6c0f08b9c0a0acf7df8602e5e31a66fc7f721a2aee8dcb7c34b41c9253586c720cf966569cd5baaf252840cc605d3b0e1b23d056a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8ec63cd23911df2451f22e53ff1e0684
SHA1 9617b8eab520688cbe1aae8d34ccd97cb3157721
SHA256 afc79eeda52668732fec68a478ce224984c0d7a7399a53b9f7f116df6bea3b04
SHA512 f5788530769cd94bfc1663ffa19e5b75ef0b304278dd0bbe211a145430f464fd01a62aa86b55dfec2233c69e277e549b614dd536d280f8185f157ed05ee5da20

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 945559400a1a691bb87e6d12b117e54b
SHA1 960a2b407b55e40a10e9899e2da61ceaee0c9e94
SHA256 d41e37ff95e2482b8173bd36ccb10b4bffd3982d5c253f73d96b1a0aa7744955
SHA512 8147619ef6e7eb240d1208e3ab530232234421287b86852a1572bed52a3289da55965e8632ee056c9f60b747a114d53cfc608e8946d1c26516a052db9e817775

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6f1b21db69ebc1c3dd4b6e4f0681629a
SHA1 ad62fbbe595bb595e3258711a571dc323e5fb098
SHA256 dc5a927707e5c89c833fec94b987c9f1910a88be2769b3ce543dc4fdcdde7746
SHA512 eabb642a3b4aab3a608b394d11e2e33979dd6c7dae24635bd55042ae2bc5ef1b7d784560172ad930c2dd0cab9dd650269a2d56d37a4e37b7feb3a8587c5e19bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4c16c22851c0216301e48a0aaeff118e
SHA1 cb8a0e690e445cbf66ad9c7a7315b0eace4f6a6b
SHA256 606dcc5fddb7b467cfda1b08a72827212b7ef4f2f154834c9e9d5b0c72575e92
SHA512 423dc7fa255fdf9cc2038155a8f56728e3e7c8874bdeb2b2dc71c451c97bb22141d648a4e364fa006fc8a9d46322ddaa59429a62f070de7293c3633d2e5f0480

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3b5538c2d6db72d25da6d95996995d18
SHA1 087ed94534805031db0637c072d1e2679e270aeb
SHA256 850e21e89545b3ab00c1f7f405900f946b230418d477d611d816a8e81d9334bd
SHA512 5401fb0d34a69c2019a831ae97c8bb4b757b7cff685a718c1832d9f146ff9344aef8d2246db89badb09d76a6d40815422c7444dc7c551e1116d264e5f46015b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e972cf97fc9a5d235a6adc15426800c6
SHA1 2bd6bf9a846438b888f57f0ff6c7dc15c10b8da4
SHA256 b13691a33f545bf9ce2f1109e4c4568b29f4582b15c1c362fc4d94a12ee24991
SHA512 3ce42be6dfd8cfe8d3b0f1691f07c6d9ece56da9fcacdf40bf11b495bc0b126b8a0ac9bb0691e3fa9303023542c7c2d995c5d6d4df2391295aa7681d0c716ad6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2bfa63fcdf13993854302c04d4438ea5
SHA1 8a7c30e6803c79d242fc4e1cd5d17e20a8f3b147
SHA256 3d07ffbc80ae34df9f8f96ea32746f460826669d04072987b1a3a2ad03a8df1d
SHA512 fd87e9d2849761b37c7231fc6dba885a76bfbb8bd2d057829f72c2cf1e91deadd73935d9684238a74097318d19ae1c12f2d5639c20cf4f52e9eec19e628a2327

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 926c01587f71d4b8f750801108bab483
SHA1 19a80ed84d0b688f883a1311de3ec1f2838ffb7a
SHA256 be439f9b547ff15e2d15f4b5538dfd3b390358e40579e3773cdc8384b86295fd
SHA512 f018d48574f25e0b0f793500de3ef1265c873e7485bba3221ff93fe1744eba91da399803fc5d12d2dd6ef551699d9e77b3273115fee36a36a549069e7791aa3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8887f003176873abb8c231ba355f4f3c
SHA1 6eb6ab02408e44f99115aa30d574d296bb6a991e
SHA256 ab2b509893d7835948e911aee37437dc94591336e5b4afac9e769bde525632b9
SHA512 ae051308508e3e04b04ae9e01ef19d9636b13855cf1b5faab565bb466b11ce2ff9c8ca7dfa1370d9da7d478e4c15a373eae97ed02d0d13542a2f3dc20cec174f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4c307b02b4dcc58c_0

MD5 115671853407417cc666ee121f4a140f
SHA1 8efbaaf8029405def15b4250a7cfe2ad3ce8f0b6
SHA256 419da1f1fb2a4976f3f77e0d4e7b44ed66d8ebbc406bd80fbedf1ae918c058c4
SHA512 71454d880fb396c790dba32a659778ed0a13c7d253a426631c9d080dab7940544d38075d3eed61c0388df877d643be18ee93d5790d2818d0e15bb9b0922c36db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\773c8ef5387f865b_0

MD5 6253ad2274ff9d82d403144f1c0e824d
SHA1 92d9bb685ea08d21e39b5ef94ad37aa72d3bd236
SHA256 b7184215f8c08c61fc5fd6a5f99a0ac0c4c356885805505ccfbac730dca5a430
SHA512 2159162898bb9cef090b4bc8865b95cea403ea96493f4cf5f9eea1dba7443d92ddeb124ad8f14bae0de8a8e828fdc0e98487d20ec98241e0474611416014b373

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9a87c2f63d244d44c8eb046b462f9f12
SHA1 76490dcb21da444ff9dd9a60449fcd0b88f3f813
SHA256 bf2ed848e15221cd7e529bcbc13a8fb97c8f404a4bd077cdd72f2ace969b9a6c
SHA512 a9f244afa546e09b4dae1112285142d74f50e86b67c77f25115aabbd8e656ba5cceae4d56439fb097cbdeef6f0e9f159a7eb8ac2324616046d8b6af9407a4255

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3e83f3c074f72f87c2aedb1c91b0f66d
SHA1 114914e9d28b6b92732082d4a804e79ecc3296f0
SHA256 b86cda5149a479320afc94799fc6da0c0559de462ca079bf0be1bcb6bab1aa4c
SHA512 727be645cb29d48323fa93b9412e82aea041b52920ad4230b4be1e6a2efb5095fef6c0f6ae30026e754f8f479a87c7cff85508c45ef8fc02b8eac193eb80855f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 02a6d9a009fc164c6b33e3a4c9c7d940
SHA1 26fd5a54af45a9bfe85bdfba286f11c938d06dd7
SHA256 3bb09bcaf021275ff798fff02336c6fdfd48dda51dc0b6257b964590288eae56
SHA512 edceef7055800db079b75cb4aa5af58663b6ba69308b1a7e48c36d76804625f35ef86c66e508e716580338002c1dca00c87220325fe747c1f0b86335b6db091d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5dcb6a6feb7b6f1e18d36050d6dc309e
SHA1 ad9713c1f4c3631adb6f2c67954b94aedaf6c6d9
SHA256 53b44c1651cc9f3944197359b6aae9529f59b412f7fd1258cbc2bfd5835ee92b
SHA512 1c2bc987e84f3c2cb1a394b6de42453f5c20fd5e50140fb71ca96a32e2771642251b715de0dcf3ae4dae53f9d0e35f56ba7876e2cd050fa982decf13a7cb7215

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8368a0b9ddf4e0a4a350c909fcabebd4
SHA1 739cdb4d82ab153ab52a318681343536b8b87c93
SHA256 213897241681909be39bfa795babb121b5760644bbe31ab3f31185486c315c1c
SHA512 9d712e15064be357201046d2097a10a7aa0fe97944c69f1b61a40baf3963549d9e46a418306d0e14831fcf46b30f265e9934be58f9106698dd73e1fd87173c49