Analysis Overview
SHA256
90290a4cb229cad7589e62160200711502288439c68fb721ce5deefa969876fd
Threat Level: Likely malicious
The file Screenshot Nov 7 2024 from Remove.bg (1).png was found to be: Likely malicious.
Malicious Activity Summary
Blocklisted process makes network request
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Loads dropped DLL
A potential corporate email address has been identified in the URL: =@L
Executes dropped EXE
Command and Scripting Interpreter: PowerShell
Obfuscated Files or Information: Command Obfuscation
Enumerates processes with tasklist
Drops file in Program Files directory
Launches sc.exe
Drops file in Windows directory
Browser Information Discovery
System Network Configuration Discovery: Internet Connection Discovery
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies registry class
Uses Task Scheduler COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Runs ping.exe
Suspicious use of FindShellTrayWindow
Modifies registry key
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 10:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 10:14
Reported
2024-11-13 10:41
Platform
win11-20241007-en
Max time kernel
1371s
Max time network
1160s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
A potential corporate email address has been identified in the URL: =@L
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe | N/A |
Loads dropped DLL
Command and Scripting Interpreter: PowerShell
Obfuscated Files or Information: Command Obfuscation
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\System32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\System32\tasklist.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Microsoft Office\root\vfs\System\sppcs.dll | C:\Windows\System32\cmd.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\System\sppc.dll | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\System32\Dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\System32\Dism.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\temC005.tmp | C:\Windows\system32\Clipup.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\Crashpad\metadata | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\Crashpad\settings.dat | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
Launches sc.exe
Browser Information Discovery
Enumerates physical storage devices
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\System32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\System32\PING.EXE | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\System32\clipup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\Clipup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\Clipup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\Clipup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\System32\clipup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\System32\clipup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\System32\clipup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\Clipup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\Clipup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\Clipup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\System32\clipup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\System32\clipup.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies\0ff1ce15-a989-479d-af46-f275c6370663\85dd8b5f-eaa4-4af3-a628-cce9e77c9a03 | C:\Windows\System32\reg.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies\0ff1ce15-a989-479d-af46-f275c6370663 | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\DEFTEMP-12688\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\DEFTEMP-12688\Software\Microsoft\Office | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\DEFTEMP-12688\Software\Microsoft\Office\16.0\Common\Licensing | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133759665667906092" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\DEFTEMP-12688\Software\Microsoft | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\DEFTEMP-12688\Software\Microsoft\Office\16.0\Common | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\DEFTEMP-12688 | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\DEFTEMP-12688\Software\Microsoft\Office\16.0 | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\DEFTEMP-12688\Software | C:\Windows\System32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\DEFTEMP-12688\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency\TimeOfLastHeartbeatFailure = "2040-01-01T00:00:00Z" | C:\Windows\System32\reg.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2584844841-1405471295-1760131749-1000\{02E0206E-8EA0-4F90-9ADB-319596EB4301} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\MuiCache | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
Modifies registry key
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\System32\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot Nov 7 2024 from Remove.bg (1).png"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4e4acc40,0x7ffb4e4acc4c,0x7ffb4e4acc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1780 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4448,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4384 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4656,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4652 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4612,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4872,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4580,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4400 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4648 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5212,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:8
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c ""C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd" "
C:\Windows\System32\sc.exe
sc query Null
C:\Windows\System32\find.exe
find /i "RUNNING"
C:\Windows\System32\findstr.exe
findstr /v "$" "MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c ver
C:\Windows\System32\reg.exe
reg query "HKCU\Console" /v ForceV2
C:\Windows\System32\find.exe
find /i "0x0"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "AMD64 " "
C:\Windows\System32\find.exe
find /i "ARM64"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c echo prompt $E | cmd
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo prompt $E "
C:\Windows\System32\cmd.exe
cmd
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd" "
C:\Windows\System32\find.exe
find /i "C:\Users\Admin\AppData\Local\Temp"
C:\Windows\System32\cmd.exe
cmd /c "powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':PowerShellTest:\s*';iex ($f[1])""
C:\Windows\System32\find.exe
find /i "FullLanguage"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':PowerShellTest:\s*';iex ($f[1])"
C:\Windows\System32\fltMC.exe
fltmc
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$TB = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); [void]$TB.DefinePInvokeMethod('GetConsoleWindow', 'kernel32.dll', 22, 1, [IntPtr], @(), 1, 3).SetImplementationFlags(128); [void]$TB.DefinePInvokeMethod('SendMessageW', 'user32.dll', 22, 1, [IntPtr], @([IntPtr], [UInt32], [IntPtr], [IntPtr]), 1, 3).SetImplementationFlags(128); $hIcon = $TB.CreateType(); $hWnd = $hIcon::GetConsoleWindow(); echo $($hIcon::SendMessageW($hWnd, 127, 0, 0) -ne [IntPtr]::Zero);"
C:\Windows\System32\find.exe
find /i "True"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$t=[AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); $t.DefinePInvokeMethod('GetStdHandle', 'kernel32.dll', 22, 1, [IntPtr], @([Int32]), 1, 3).SetImplementationFlags(128); $t.DefinePInvokeMethod('SetConsoleMode', 'kernel32.dll', 22, 1, [Boolean], @([IntPtr], [Int32]), 1, 3).SetImplementationFlags(128); $k=$t.CreateType(); $b=$k::SetConsoleMode($k::GetStdHandle(-10), 0x0080); & cmd.exe '/c' '"""C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd""" -el -qedit'"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ""C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd" -el -qedit"
C:\Windows\System32\sc.exe
sc query Null
C:\Windows\System32\find.exe
find /i "RUNNING"
C:\Windows\System32\findstr.exe
findstr /v "$" "MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "-el -qedit" "
C:\Windows\System32\find.exe
find /i "/"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c ver
C:\Windows\System32\reg.exe
reg query "HKCU\Console" /v ForceV2
C:\Windows\System32\find.exe
find /i "0x0"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "AMD64 " "
C:\Windows\System32\find.exe
find /i "ARM64"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c echo prompt $E | cmd
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo prompt $E "
C:\Windows\System32\cmd.exe
cmd
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd" "
C:\Windows\System32\find.exe
find /i "C:\Users\Admin\AppData\Local\Temp"
C:\Windows\System32\cmd.exe
cmd /c "powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':PowerShellTest:\s*';iex ($f[1])""
C:\Windows\System32\find.exe
find /i "FullLanguage"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':PowerShellTest:\s*';iex ($f[1])"
C:\Windows\System32\fltMC.exe
fltmc
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$TB = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); [void]$TB.DefinePInvokeMethod('GetConsoleWindow', 'kernel32.dll', 22, 1, [IntPtr], @(), 1, 3).SetImplementationFlags(128); [void]$TB.DefinePInvokeMethod('SendMessageW', 'user32.dll', 22, 1, [IntPtr], @([IntPtr], [UInt32], [IntPtr], [IntPtr]), 1, 3).SetImplementationFlags(128); $hIcon = $TB.CreateType(); $hWnd = $hIcon::GetConsoleWindow(); echo $($hIcon::SendMessageW($hWnd, 127, 0, 0) -ne [IntPtr]::Zero);"
C:\Windows\System32\find.exe
find /i "True"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c ping -4 -n 1 updatecheck.massgrave.dev
C:\Windows\System32\PING.EXE
ping -4 -n 1 updatecheck.massgrave.dev
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "127.69.2.8" "
C:\Windows\System32\find.exe
find "127.69"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "127.69.2.8" "
C:\Windows\System32\find.exe
find "127.69.2.8"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "-el -qedit" "
C:\Windows\System32\find.exe
find /i "/S"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "-el -qedit" "
C:\Windows\System32\find.exe
find /i "/"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop
C:\Windows\System32\reg.exe
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop
C:\Windows\System32\mode.com
mode 76, 33
C:\Windows\System32\choice.exe
choice /C:123456789H0 /N
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5368,i,12864195415861464751,426918732824562425,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2252 /prefetch:8
C:\Windows\System32\mode.com
mode 110, 34
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s
C:\Windows\System32\find.exe
find /i "AutoPico"
C:\Windows\System32\find.exe
find /i "avira.com" C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\find.exe
find /i "kaspersky.com" C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\find.exe
find /i "virustotal.com" C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\find.exe
find /i "mcafee.com" C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\sc.exe
sc start sppsvc
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "1056" "
C:\Windows\System32\findstr.exe
findstr "577 225"
C:\Windows\System32\cmd.exe
cmd /c "wmic path Win32_ComputerSystem get CreationClassName /value"
C:\Windows\System32\find.exe
find /i "computersystem"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_ComputerSystem get CreationClassName /value
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); [void]$TypeBuilder.DefinePInvokeMethod('SLGetWindowsInformationDWORD', 'slc.dll', 'Public, Static', 1, [int], @([String], [int].MakeByRefType()), 1, 3); $Sku = 0; [void]$TypeBuilder.CreateType()::SLGetWindowsInformationDWORD('Kernel-BrandingInfo', [ref]$Sku); $Sku"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); [void]$TypeBuilder.DefinePInvokeMethod('SLGetWindowsInformationDWORD', 'slc.dll', 'Public, Static', 1, [int], @([String], [int].MakeByRefType()), 1, 3); $Sku = 0; [void]$TypeBuilder.CreateType()::SLGetWindowsInformationDWORD('Kernel-BrandingInfo', [ref]$Sku); $Sku
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions" /v OSProductPfn 2>nul
C:\Windows\System32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions" /v OSProductPfn
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "wmic Path Win32_OperatingSystem Get OperatingSystemSKU /format:LIST" 2>nul
C:\Windows\System32\Wbem\WMIC.exe
wmic Path Win32_OperatingSystem Get OperatingSystemSKU /format:LIST
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':winsubstatus\:.*';iex ($f[1])"
C:\Windows\System32\find.exe
find /i "Subscription_is_activated"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "Windows 11 Pro" "
C:\Windows\System32\find.exe
find /i "Windows"
C:\Windows\System32\sc.exe
sc start sppsvc
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$job = Start-Job { (Get-WmiObject -Query 'SELECT * FROM SoftwareLicensingService').Version }; if (-not (Wait-Job $job -Timeout 30)) {write-host 'sppsvc is not working correctly. Help - https://massgrave.dev/troubleshoot'}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where (LicenseStatus='1' and GracePeriodRemaining='0' and PartialProductKey is not NULL AND LicenseDependsOn is NULL) get Name /value
C:\Windows\System32\findstr.exe
findstr /i "Windows"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE
C:\Windows\System32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c ver
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c ping -n 1 l.root-servers.net
C:\Windows\System32\PING.EXE
ping -n 1 l.root-servers.net
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s
C:\Windows\System32\find.exe
find /i "AutoPico"
C:\Windows\System32\find.exe
find /i "avira.com" C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\find.exe
find /i "kaspersky.com" C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\find.exe
find /i "virustotal.com" C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\find.exe
find /i "mcafee.com" C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\sc.exe
sc start sppsvc
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "1056" "
C:\Windows\System32\findstr.exe
findstr "577 225"
C:\Windows\System32\sc.exe
sc query Null
C:\Windows\System32\sc.exe
sc start ClipSVC
C:\Windows\System32\sc.exe
sc query ClipSVC
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v DependOnService
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v Description
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v DisplayName
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v ErrorControl
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v ImagePath
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v ObjectName
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v Start
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v Type
C:\Windows\System32\sc.exe
sc start wlidsvc
C:\Windows\System32\sc.exe
sc query wlidsvc
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v DependOnService
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v Description
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v DisplayName
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v ErrorControl
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v ImagePath
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v ObjectName
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v Start
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v Type
C:\Windows\System32\sc.exe
sc start sppsvc
C:\Windows\System32\sc.exe
sc query sppsvc
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v DependOnService
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Description
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v DisplayName
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ErrorControl
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ImagePath
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ObjectName
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Start
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Type
C:\Windows\System32\sc.exe
sc start KeyIso
C:\Windows\System32\sc.exe
sc query KeyIso
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v DependOnService
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v Description
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v DisplayName
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v ErrorControl
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v ImagePath
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v ObjectName
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v Start
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v Type
C:\Windows\System32\sc.exe
sc start LicenseManager
C:\Windows\System32\sc.exe
sc query LicenseManager
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v DependOnService
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v Description
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v DisplayName
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v ErrorControl
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v ImagePath
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v ObjectName
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v Start
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v Type
C:\Windows\System32\sc.exe
sc start Winmgmt
C:\Windows\System32\sc.exe
sc query Winmgmt
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v DependOnService
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Description
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v DisplayName
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ErrorControl
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ImagePath
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ObjectName
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Start
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Type
C:\Windows\System32\sc.exe
sc start ClipSVC
C:\Windows\System32\sc.exe
sc start wlidsvc
C:\Windows\System32\sc.exe
sc start sppsvc
C:\Windows\System32\sc.exe
sc start KeyIso
C:\Windows\System32\sc.exe
sc start LicenseManager
C:\Windows\System32\sc.exe
sc start Winmgmt
C:\Windows\System32\sc.exe
sc query ClipSVC
C:\Windows\System32\find.exe
find /i "RUNNING"
C:\Windows\System32\sc.exe
sc start ClipSVC
C:\Windows\System32\sc.exe
sc query wlidsvc
C:\Windows\System32\find.exe
find /i "RUNNING"
C:\Windows\System32\sc.exe
sc start wlidsvc
C:\Windows\System32\sc.exe
sc query sppsvc
C:\Windows\System32\find.exe
find /i "RUNNING"
C:\Windows\System32\sc.exe
sc start sppsvc
C:\Windows\System32\sc.exe
sc query KeyIso
C:\Windows\System32\find.exe
find /i "RUNNING"
C:\Windows\System32\sc.exe
sc start KeyIso
C:\Windows\System32\sc.exe
sc query LicenseManager
C:\Windows\System32\find.exe
find /i "RUNNING"
C:\Windows\System32\sc.exe
sc start LicenseManager
C:\Windows\System32\sc.exe
sc query Winmgmt
C:\Windows\System32\find.exe
find /i "RUNNING"
C:\Windows\System32\sc.exe
sc start Winmgmt
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State" /v ImageState
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State" /v ImageState
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinPE" /v InstRoot
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':wpatest\:.*';iex ($f[1])" 2>nul
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':wpatest\:.*';iex ($f[1])"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "11" "
C:\Windows\System32\find.exe
find /i "Error Found"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE" 2>nul
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "try { $null=([WMISEARCHER]'SELECT * FROM SoftwareLicensingService').Get().Version; exit 0 } catch { exit $_.Exception.InnerException.HResult }"
C:\Windows\System32\cmd.exe
cmd /c exit /b 0
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_ComputerSystem get CreationClassName /value
C:\Windows\System32\find.exe
find /i "computersystem"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "0" "
C:\Windows\System32\findstr.exe
findstr /i "0x800410 0x800440 0x80131501"
C:\Windows\System32\reg.exe
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\PersistedTSReArmed"
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState"
C:\Windows\System32\reg.exe
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion"
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe"
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sppsvc.exe"
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sppsvc.exe\PerfOptions"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "SkipRearm" 2>nul
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "SkipRearm"
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Plugins\Objects\msft:rm/algorithm/hwid/4.0" /f ba02fed39662 /d
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v TokenStore 2>nul
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v TokenStore
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and PartialProductKey is not null) get ID /VALUE" 2>nul
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and PartialProductKey is not null) get ID /VALUE
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powershell.exe "(Get-ScheduledTask -TaskName 'SvcRestartTask' -TaskPath '\Microsoft\Windows\SoftwareProtectionPlatform\').State" 2>nul
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "(Get-ScheduledTask -TaskName 'SvcRestartTask' -TaskPath '\Microsoft\Windows\SoftwareProtectionPlatform\').State"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "
C:\Windows\System32\find.exe
find /i "Ready"
C:\Windows\System32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "actionlist" /f
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$acl = (Get-Acl 'C:\Windows\System32\spp\store\2.0' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow FullControl') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$acl = (Get-Acl 'HKLM:\SYSTEM\WPA' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow QueryValues, EnumerateSubKeys, WriteKey') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$acl = (Get-Acl 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow SetValue') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"
C:\Windows\System32\reg.exe
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion"
C:\Windows\System32\reg.exe
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$netServ = (New-Object Security.Principal.SecurityIdentifier('S-1-5-20')).Translate([Security.Principal.NTAccount]).Value; $aclString = Get-Acl 'Registry::HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies' | Format-List | Out-String; if (-not ($aclString.Contains($netServ + ' Allow FullControl') -or $aclString.Contains('NT SERVICE\sppsvc Allow FullControl')) -or ($aclString.Contains('Deny'))) {Exit 3}"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f') get ID /VALUE" 2>nul
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f') get ID /VALUE
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "040fa323-92b1-4baf-97a2-5b67feaefddb 0724cb7d-3437-4cb7-93cb-830375d0079d 0ad2ac98-7bb9-4201-8d92-312299201369 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5 221a02da-e2a1-4b75-864c-0a4410a33fdf 291ece0e-9c38-40ca-a9e1-32cc7ec19507 2936d1d2-913a-4542-b54e-ce5a602a2a38 2c293c26-a45a-4a2a-a350-c69a67097529 2de67392-b7a7-462a-b1ca-108dd189f588 2ffd8952-423e-4903-b993-72a1aa44cf82 30a42c86-b7a0-4a34-8c90-ff177cb2acb7 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf 3502365a-f88a-4ba4-822a-5769d3073b65 377333b1-8b5d-48d6-9679-1225c872d37c 3df374ef-d444-4494-a5a1-4b0d9fd0e203 3f1afc82-f8ac-4f6c-8005-1d233e606eee 49cd895b-53b2-4dc4-a5f7-b18aa019ad37 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c 4f3da0d2-271d-4508-ae81-626b60809a38 5d78c4e9-aeb3-4b40-8ac2-6a6005e0ad6d 60b3ec1b-9545-4921-821f-311b129dd6f6 613d217f-7f13-4268-9907-1662339531cd 62f0c100-9c53-4e02-b886-a3528ddfe7f6 6365275e-368d-46ca-a0ef-fc0404119333 721f9237-9341-4453-a661-09e8baa6cca5 73111121-5638-40f6-bc11-f1d7b0d64300 7a802526-4c94-4bd1-ba14-835a1aca2120 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69 82bbc092-bc50-4e16-8e18-b74fc486aec3 8ab9bdd1-1f67-4997-82d9-8878520837d9 8b351c9c-f398-4515-9900-09df49427262 90da7373-1c51-430b-bf26-c97e9c5cdc31 92fb8726-92a8-4ffc-94ce-f82e07444653 95dca82f-385d-4d39-b85b-5c73fa285d6f a48938aa-62fa-4966-9d44-9f04da3f72f2 b0773a15-df3a-4312-9ad2-83d69648e356 b4bfe195-541e-4e64-ad23-6177f19e395e b68e61d2-68ca-4757-be45-0cc2f3e68eee bd3762d7-270d-4760-8fb3-d829ca45278a c86d5194-4840-4dae-9c1c-0301003a5ab0 ca7df2e3-5ea0-47b8-9ac1-b1be4d8edd69 d552befb-48cc-4327-8f39-47d2d94f987c d6eadb3b-5ca8-4a6b-986e-35b550756111 df96023b-dcd9-4be2-afa0-c6c871159ebe e0c42288-980c-4788-a014-c080d2e1926e e4db50ea-bda1-4566-b047-0ca50abc6f07 e558417a-5123-4f6f-91e7-385c1c7ca9d4 e7a950a2-e548-4f10-bf16-02ec848e0643 eb6d346f-1c60-4643-b960-40ec31596c45 ec868e65-fadf-4759-b23e-93fe37f2cc29 ef51e000-2659-4f25-8345-3de70a9cf4c4 f7af7d09-40e4-419c-a49b-eae366689ebd fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab fe74f55b-0338-41d6-b267-4a201abe7285 " "
C:\Windows\System32\find.exe
find /i "4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c"
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingService where __CLASS='SoftwareLicensingService' call InstallProductKey ProductKey="VK7JG-NPHTM-C97JM-9MPGT-3V66T"
C:\Windows\System32\cmd.exe
cmd /c exit /b 0
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingService where __CLASS='SoftwareLicensingService' call RefreshLicenseStatus
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c reg query "HKCU\Control Panel\International\Geo" /v Name 2>nul
C:\Windows\System32\reg.exe
reg query "HKCU\Control Panel\International\Geo" /v Name
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c reg query "HKCU\Control Panel\International\Geo" /v Nation 2>nul
C:\Windows\System32\reg.exe
reg query "HKCU\Control Panel\International\Geo" /v Nation
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powershell.exe [convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes("""OSMajorVersion=5;OSMinorVersion=1;OSPlatformId=2;PP=0;Pfn=Microsoft.Windows.48.X19-98841_8wekyb3d8bbwe;PKeyIID=465145217131314304264339481117862266242033457260311819664735280;$([char]0)"""))
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe [convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes("""OSMajorVersion=5;OSMinorVersion=1;OSPlatformId=2;PP=0;Pfn=Microsoft.Windows.48.X19-98841_8wekyb3d8bbwe;PKeyIID=465145217131314304264339481117862266242033457260311819664735280;$([char]0)"""))
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "TwBTAE0AYQBqAG8AcgBWAGUAcgBzAGkAbwBuAD0ANQA7AE8AUwBNAGkAbgBvAHIAVgBlAHIAcwBpAG8AbgA9ADEAOwBPAFMAUABsAGEAdABmAG8AcgBtAEkAZAA9ADIAOwBQAFAAPQAwADsAUABmAG4APQBNAGkAYwByAG8AcwBvAGYAdAAuAFcAaQBuAGQAbwB3AHMALgA0ADgALgBYADEAOQAtADkAOAA4ADQAMQBfADgAdwBlAGsAeQBiADMAZAA4AGIAYgB3AGUAOwBQAEsAZQB5AEkASQBEAD0ANAA2ADUAMQA0ADUAMgAxADcAMQAzADEAMwAxADQAMwAwADQAMgA2ADQAMwAzADkANAA4ADEAMQAxADcAOAA2ADIAMgA2ADYAMgA0ADIAMAAzADMANAA1ADcAMgA2ADAAMwAxADEAOAAxADkANgA2ADQANwAzADUAMgA4ADAAOwAAAA==" "
C:\Windows\System32\find.exe
find "AAAA"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Start-Job { Restart-Service ClipSVC } | Wait-Job -Timeout 20 | Out-Null"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\system32\Clipup.exe
"C:\Windows\system32\Clipup.exe" -o
C:\Windows\system32\Clipup.exe
"C:\Windows\system32\Clipup.exe" -o -ppl C:\Windows\SystemTemp\temC005.tmp
C:\Windows\System32\ClipUp.exe
clipup -v -o
C:\Windows\System32\clipup.exe
clipup -v -o -ppl C:\Users\Admin\AppData\Local\Temp\temC758.tmp
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "Windows 11 Pro" "
C:\Windows\System32\find.exe
find /i "Windows"
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where "ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND PartialProductKey IS NOT NULL AND LicenseDependsOn is NULL" call Activate
C:\Windows\System32\cmd.exe
cmd /c exit /b 0
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where (LicenseStatus='1' and GracePeriodRemaining='0' and PartialProductKey is not NULL AND LicenseDependsOn is NULL) get Name /value
C:\Windows\System32\findstr.exe
findstr /i "Windows"
C:\Windows\System32\reg.exe
reg delete "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\PersistedSystemState" /v "State" /f
C:\Windows\System32\reg.exe
reg delete "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\PersistedSystemState" /v "SuppressRulesEngine" /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Start-Job { Stop-Service sppsvc -force } | Wait-Job -Timeout 20 | Out-Null; $TB = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); [void]$TB.DefinePInvokeMethod('SLpTriggerServiceWorker', 'sppc.dll', 22, 1, [Int32], @([UInt32], [IntPtr], [String], [UInt32]), 1, 3); [void]$TB.CreateType()::SLpTriggerServiceWorker(0, 0, 'reeval', 0)"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\mode.com
mode 76, 33
C:\Windows\System32\choice.exe
choice /C:123456789H0 /N
C:\Windows\System32\mode.com
mode 98, 30
C:\Windows\System32\cmd.exe
cmd /c "wmic path Win32_ComputerSystem get CreationClassName /value"
C:\Windows\System32\find.exe
find /i "computersystem"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_ComputerSystem get CreationClassName /value
C:\Windows\System32\sc.exe
sc start sppsvc
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$job = Start-Job { (Get-WmiObject -Query 'SELECT * FROM SoftwareLicensingService').Version }; if (-not (Wait-Job $job -Timeout 30)) {write-host 'sppsvc is not working correctly. Help - https://massgrave.dev/troubleshoot'}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c ver
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and PartialProductKey is not null) get ID /VALUE" 2>nul
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and PartialProductKey is not null) get ID /VALUE
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c DISM /English /Online /Get-CurrentEdition 2>nul | find /i "Current Edition :"
C:\Windows\System32\Dism.exe
DISM /English /Online /Get-CurrentEdition
C:\Windows\System32\find.exe
find /i "Current Edition :"
C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismhost.exe {3405701D-FA9F-48EF-A636-A7ADF2F0F962}
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE" 2>nul
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v EditionID 2>nul
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v EditionID
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v BuildBranch 2>nul
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v BuildBranch
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c dism /online /english /Get-TargetEditions | findstr /i /c:"Target Edition : "
C:\Windows\System32\Dism.exe
dism /online /english /Get-TargetEditions
C:\Windows\System32\findstr.exe
findstr /i /c:"Target Edition : "
C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\BC1E8C57-6D12-4E19-82CD-C2505618D898\dismhost.exe {66A8D2FB-9B44-4F0E-96BB-5F54777F08AF}
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL) get LicenseFamily /VALUE" 2>nul
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL) get LicenseFamily /VALUE
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "" "
C:\Windows\System32\find.exe
find /i " ProfessionalWorkstation "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation " "
C:\Windows\System32\find.exe
find /i " ServerRdsh "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh " "
C:\Windows\System32\find.exe
find /i " Education "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education " "
C:\Windows\System32\find.exe
find /i " ServerRdsh "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education " "
C:\Windows\System32\find.exe
find /i " Education "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education " "
C:\Windows\System32\find.exe
find /i " Enterprise "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise " "
C:\Windows\System32\find.exe
find /i " ProfessionalWorkstation "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise " "
C:\Windows\System32\find.exe
find /i " ProfessionalEducation "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation " "
C:\Windows\System32\find.exe
find /i " ProfessionalWorkstation "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation " "
C:\Windows\System32\find.exe
find /i " ProfessionalEducation "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation " "
C:\Windows\System32\find.exe
find /i " ProfessionalEducation "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation " "
C:\Windows\System32\find.exe
find /i " CloudEdition "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition " "
C:\Windows\System32\find.exe
find /i " ProfessionalWorkstation "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition " "
C:\Windows\System32\find.exe
find /i " ProfessionalEducation "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition " "
C:\Windows\System32\find.exe
find /i " ProfessionalWorkstation "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition " "
C:\Windows\System32\find.exe
find /i " ProfessionalWorkstation "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition " "
C:\Windows\System32\find.exe
find /i " Enterprise "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition " "
C:\Windows\System32\find.exe
find /i " ProfessionalWorkstation "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition " "
C:\Windows\System32\find.exe
find /i " Enterprise "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition " "
C:\Windows\System32\find.exe
find /i " ProfessionalWorkstation "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition " "
C:\Windows\System32\find.exe
find /i " IoTEnterprise "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise " "
C:\Windows\System32\find.exe
find /i " Enterprise "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise " "
C:\Windows\System32\find.exe
find /i " ProfessionalWorkstation "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise " "
C:\Windows\System32\find.exe
find /i " CloudEdition "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise " "
C:\Windows\System32\find.exe
find /i " ProfessionalWorkstation "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise " "
C:\Windows\System32\find.exe
find /i " ProfessionalSingleLanguage "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "
C:\Windows\System32\find.exe
find /i " Education "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "
C:\Windows\System32\find.exe
find /i " IoTEnterprise "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "
C:\Windows\System32\find.exe
find /i " CloudEdition "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "
C:\Windows\System32\find.exe
find /i " ProfessionalWorkstation "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "
C:\Windows\System32\find.exe
find /i " ServerRdsh "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "
C:\Windows\System32\find.exe
find /i " Education "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "
C:\Windows\System32\find.exe
find /i " ServerRdsh "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "
C:\Windows\System32\find.exe
find /i " Education "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "
C:\Windows\System32\find.exe
find /i " ProfessionalEducation "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "
C:\Windows\System32\find.exe
find /i " ProfessionalWorkstation "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "
C:\Windows\System32\find.exe
find /i " ServerRdsh "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage " "
C:\Windows\System32\find.exe
find /i " ProfessionalCountrySpecific "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProfessionalWorkstation ServerRdsh Education Enterprise ProfessionalEducation CloudEdition IoTEnterprise ProfessionalSingleLanguage ProfessionalCountrySpecific " "
C:\Windows\System32\find.exe
find /i " ServerRdsh "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo ProfessionalWorkstation "
C:\Windows\System32\findstr.exe
findstr /i "CountrySpecific CloudEdition"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo ServerRdsh "
C:\Windows\System32\findstr.exe
findstr /i "CountrySpecific CloudEdition"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo Education "
C:\Windows\System32\findstr.exe
findstr /i "CountrySpecific CloudEdition"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo Enterprise "
C:\Windows\System32\findstr.exe
findstr /i "CountrySpecific CloudEdition"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo ProfessionalEducation "
C:\Windows\System32\findstr.exe
findstr /i "CountrySpecific CloudEdition"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo CloudEdition "
C:\Windows\System32\findstr.exe
findstr /i "CountrySpecific CloudEdition"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo IoTEnterprise "
C:\Windows\System32\findstr.exe
findstr /i "CountrySpecific CloudEdition"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo ProfessionalSingleLanguage "
C:\Windows\System32\findstr.exe
findstr /i "CountrySpecific CloudEdition"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo ProfessionalCountrySpecific "
C:\Windows\System32\findstr.exe
findstr /i "CountrySpecific CloudEdition"
C:\Windows\System32\mode.com
mode 98, 30
C:\Windows\System32\mode.com
mode 76, 33
C:\Windows\System32\choice.exe
choice /C:123456789H0 /N
C:\Windows\System32\mode.com
mode 76, 25
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c tasklist | findstr /I ".exe" 2>nul
C:\Windows\System32\tasklist.exe
tasklist
C:\Windows\System32\findstr.exe
findstr /I ".exe"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-msaccess.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-excel.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-groove.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-lync.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-onenote.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-outlook.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-powerpnt.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-winproj.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-mspub.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-visio.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-winword.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -svchost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-lime.exe-"
C:\Windows\System32\choice.exe
choice /C:1230 /N
C:\Windows\System32\mode.com
mode 130, 32
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "&{$W=$Host.UI.RawUI.WindowSize;$B=$Host.UI.RawUI.BufferSize;$W.Height=32;$B.Height=300;$Host.UI.RawUI.WindowSize=$W;$Host.UI.RawUI.BufferSize=$B;}"
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s
C:\Windows\System32\find.exe
find /i "AutoPico"
C:\Windows\System32\find.exe
find /i "avira.com" C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\find.exe
find /i "kaspersky.com" C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\find.exe
find /i "virustotal.com" C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\find.exe
find /i "mcafee.com" C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\sc.exe
sc start sppsvc
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "1056" "
C:\Windows\System32\findstr.exe
findstr "577 225"
C:\Windows\System32\cmd.exe
cmd /c "wmic path Win32_ComputerSystem get CreationClassName /value"
C:\Windows\System32\find.exe
find /i "computersystem"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_ComputerSystem get CreationClassName /value
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "Windows 11 Pro" "
C:\Windows\System32\find.exe
find /i "Windows"
C:\Windows\System32\sc.exe
sc start sppsvc
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$job = Start-Job { (Get-WmiObject -Query 'SELECT * FROM SoftwareLicensingService').Version }; if (-not (Wait-Job $job -Timeout 30)) {write-host 'sppsvc is not working correctly. Help - https://massgrave.dev/troubleshoot'}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE
C:\Windows\System32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c ver
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s
C:\Windows\System32\find.exe
find /i "AutoPico"
C:\Windows\System32\find.exe
find /i "avira.com" C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\find.exe
find /i "kaspersky.com" C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\find.exe
find /i "virustotal.com" C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\find.exe
find /i "mcafee.com" C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\sc.exe
sc start sppsvc
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "1056" "
C:\Windows\System32\findstr.exe
findstr "577 225"
C:\Windows\System32\sc.exe
sc query Null
C:\Windows\System32\sc.exe
sc start sppsvc
C:\Windows\System32\sc.exe
sc query sppsvc
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v DependOnService
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Description
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v DisplayName
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ErrorControl
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ImagePath
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ObjectName
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Start
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Type
C:\Windows\System32\sc.exe
sc start Winmgmt
C:\Windows\System32\sc.exe
sc query Winmgmt
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v DependOnService
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Description
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v DisplayName
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ErrorControl
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ImagePath
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ObjectName
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Start
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Type
C:\Windows\System32\sc.exe
sc start sppsvc
C:\Windows\System32\sc.exe
sc start Winmgmt
C:\Windows\System32\sc.exe
sc query sppsvc
C:\Windows\System32\find.exe
find /i "RUNNING"
C:\Windows\System32\sc.exe
sc start sppsvc
C:\Windows\System32\sc.exe
sc query Winmgmt
C:\Windows\System32\find.exe
find /i "RUNNING"
C:\Windows\System32\sc.exe
sc start Winmgmt
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State" /v ImageState
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State" /v ImageState
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinPE" /v InstRoot
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':wpatest\:.*';iex ($f[1])" 2>nul
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':wpatest\:.*';iex ($f[1])"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "12" "
C:\Windows\System32\find.exe
find /i "Error Found"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE" 2>nul
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "try { $null=([WMISEARCHER]'SELECT * FROM SoftwareLicensingService').Get().Version; exit 0 } catch { exit $_.Exception.InnerException.HResult }"
C:\Windows\System32\cmd.exe
cmd /c exit /b 0
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_ComputerSystem get CreationClassName /value
C:\Windows\System32\find.exe
find /i "computersystem"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "0" "
C:\Windows\System32\findstr.exe
findstr /i "0x800410 0x800440 0x80131501"
C:\Windows\System32\reg.exe
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\PersistedTSReArmed"
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState"
C:\Windows\System32\reg.exe
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion"
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe"
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sppsvc.exe"
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sppsvc.exe\PerfOptions"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "SkipRearm" 2>nul
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "SkipRearm"
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Plugins\Objects\msft:rm/algorithm/hwid/4.0" /f ba02fed39662 /d
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v TokenStore 2>nul
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v TokenStore
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and PartialProductKey is not null) get ID /VALUE" 2>nul
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and PartialProductKey is not null) get ID /VALUE
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powershell.exe "(Get-ScheduledTask -TaskName 'SvcRestartTask' -TaskPath '\Microsoft\Windows\SoftwareProtectionPlatform\').State" 2>nul
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "(Get-ScheduledTask -TaskName 'SvcRestartTask' -TaskPath '\Microsoft\Windows\SoftwareProtectionPlatform\').State"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "
C:\Windows\System32\find.exe
find /i "Ready"
C:\Windows\System32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "actionlist" /f
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$acl = (Get-Acl 'C:\Windows\System32\spp\store\2.0' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow FullControl') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$acl = (Get-Acl 'HKLM:\SYSTEM\WPA' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow QueryValues, EnumerateSubKeys, WriteKey') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$acl = (Get-Acl 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow SetValue') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"
C:\Windows\System32\reg.exe
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion"
C:\Windows\System32\reg.exe
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$netServ = (New-Object Security.Principal.SecurityIdentifier('S-1-5-20')).Translate([Security.Principal.NTAccount]).Value; $aclString = Get-Acl 'Registry::HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies' | Format-List | Out-String; if (-not ($aclString.Contains($netServ + ' Allow FullControl') -or $aclString.Contains('NT SERVICE\sppsvc Allow FullControl')) -or ($aclString.Contains('Deny'))) {Exit 3}"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\14.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\14.0\Common\InstallRoot /v Path
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\14.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\14.0\Common\InstallRoot /v Path
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\14.0\CVH /f Click2run /k
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\14.0\CVH /f Click2run /k
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powershell.exe "(Get-AppxPackage -name 'Microsoft.Office.Desktop' | Select-Object -ExpandProperty InstallLocation)" 2>nul
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "(Get-AppxPackage -name 'Microsoft.Office.Desktop' | Select-Object -ExpandProperty InstallLocation)"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-AppxPackage -name "Microsoft.MicrosoftOfficeHub""
C:\Windows\System32\find.exe
find /i "Office"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\ClickToRun /v InstallPath" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\ClickToRun /v InstallPath
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\ClickToRun /v InstallPath" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\ClickToRun /v InstallPath
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\15.0\ClickToRun /v InstallPath" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\15.0\ClickToRun /v InstallPath
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\16.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\16.0\Common\InstallRoot /v Path
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\16.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\16.0\Common\InstallRoot /v Path
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common\InstallRoot /v Path
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\15.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\15.0\Common\InstallRoot /v Path
C:\Windows\System32\sc.exe
sc query ClickToRunSvc
C:\Windows\System32\sc.exe
sc query OfficeSvc
C:\Windows\System32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions" /v ProductType
C:\Windows\System32\find.exe
find /i "WinNT"
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v EditionID
C:\Windows\System32\find.exe
find /i "Server"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powershell.exe "(Get-WmiObject -Query 'SELECT LicenseFamily, Name FROM SoftwareLicensingProduct WHERE ApplicationID=''0ff1ce15-a989-479d-af46-f275c6370663'' AND LicenseStatus=1 AND GracePeriodRemaining=0 AND PartialProductKey IS NOT NULL' | Where-Object { $_.Name -notlike '*Office 15*' }).LicenseFamily" 2>nul
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "(Get-WmiObject -Query 'SELECT LicenseFamily, Name FROM SoftwareLicensingProduct WHERE ApplicationID=''0ff1ce15-a989-479d-af46-f275c6370663'' AND LicenseStatus=1 AND GracePeriodRemaining=0 AND PartialProductKey IS NOT NULL' | Where-Object { $_.Name -notlike '*Office 15*' }).LicenseFamily"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='0ff1ce15-a989-479d-af46-f275c6370663') get ID /VALUE" 2>nul
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where (ApplicationID='0ff1ce15-a989-479d-af46-f275c6370663') get ID /VALUE
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v Platform" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v Platform
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v VersionToReport" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v VersionToReport
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v AudienceData" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v AudienceData
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "HKLM\SOFTWARE\Microsoft\Office\ClickToRun" "
C:\Windows\System32\find.exe
find /i "Wow6432Node"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs" /s /f ".16" /k 2>nul | findstr /i "Retail Volume"
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs" /s /f ".16" /k
C:\Windows\System32\findstr.exe
findstr /i "Retail Volume"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "" "
C:\Windows\System32\find.exe
find /i " ProPlusRetail.16 "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo ProPlusRetail "
C:\Windows\System32\findstr.exe
findstr /I " ProPlusRetail "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo ProPlusRetail "
C:\Windows\System32\findstr.exe
findstr /I "ProPlusRetail"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo: "
C:\Windows\System32\find.exe
find /i "-ProPlusRetail-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo ProPlusRetail "
C:\Windows\System32\find.exe
find /i "2024"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "Retail" "
C:\Windows\System32\find.exe
find /i "Subscription"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "26b394d7-7ad7-4aab-8fcc-6ea678395a91 339a5901-9bde-4f48-a88d-d048a42b54b1 5829fd99-2b17-4be4-9814-381145e49019 596bf8ec-7cab-4a98-83ae-459db70d24e4 60afa663-984d-47a6-ac9c-00346ff5e8f0 6755c7a7-4dfe-46f5-bce8-427be8e9dc62 6c1bed1d-0273-4045-90d2-e0836f3c380b 70d9ceb6-6dfa-4da4-b413-18c1c3c76e2e 84832881-46ef-4124-8abc-eb493cdcf78e 85dd8b5f-eaa4-4af3-a628-cce9e77c9a03 aa64f755-8a7b-4519-bc32-cab66deb92cb c8ce6adc-ede7-4ce2-8e7b-c49f462ab8c3 de52bd50-9564-4adc-8fcb-a345c17f84f9 e1fef7e5-6886-458c-8e45-7c1e9daab00c" "
C:\Windows\System32\find.exe
find /i "de52bd50-9564-4adc-8fcb-a345c17f84f9"
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingService where __CLASS='SoftwareLicensingService' call InstallProductKey ProductKey="GM43N-F742Q-6JDDK-M622J-J8GDV"
C:\Windows\System32\cmd.exe
cmd /c exit /b 0
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingService where __CLASS='SoftwareLicensingService' call RefreshLicenseStatus
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':sppc64.dll\:.*';$encoded = ($f[1]) -replace '-', 'A' -replace '_', 'a';$bytes = [Convert]::FromBase64String($encoded); $PePath='"C:\Program Files\Microsoft Office\root\vfs\System\sppc.dll"'; $offset='"3076"'; $m=[io.file]::ReadAllText('C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd') -split ':hexedit\:.*';iex ($m[1]);"
C:\Windows\System32\find.exe
find /i "Error found"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " ProPlusRetail " "
C:\Windows\System32\find.exe
find /i "Volume"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powershell.exe "$p = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'; Get-ChildItem $p | ForEach-Object { $pi = (Get-ItemProperty """"$p\$($_.PSChildName)"""").ProfileImagePath; if ($pi -like '*\Users\*' -and (Test-Path """"$pi\NTUSER.DAT"""") -and -not ($_.PSChildName -match '\.bak$')) { Split-Path $_.PSPath -Leaf } }" 2>nul
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$p = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'; Get-ChildItem $p | ForEach-Object { $pi = (Get-ItemProperty """"$p\$($_.PSChildName)"""").ProfileImagePath; if ($pi -like '*\Users\*' -and (Test-Path """"$pi\NTUSER.DAT"""") -and -not ($_.PSChildName -match '\.bak$')) { Split-Path $_.PSPath -Leaf } }"
C:\Windows\System32\reg.exe
reg query HKU\S-1-5-21-2584844841-1405471295-1760131749-1000\Software
C:\Windows\System32\reg.exe
reg delete HKU\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Office\15.0\Common\Licensing /f
C:\Windows\System32\reg.exe
reg delete HKU\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Office\15.0\Common\Identity /f
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2584844841-1405471295-1760131749-1000" /v ProfileImagePath" 2>nul
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2584844841-1405471295-1760131749-1000" /v ProfileImagePath
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Office\15.0\Common\Licensing" /f
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Office\15.0\Common\Licensing" /f /reg:32
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Licensing" /f
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Licensing" /f /reg:32
C:\Windows\System32\reg.exe
reg delete HKU\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Office\16.0\Common\Licensing /f
C:\Windows\System32\reg.exe
reg delete HKU\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Office\16.0\Common\Identity /f
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2584844841-1405471295-1760131749-1000" /v ProfileImagePath" 2>nul
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2584844841-1405471295-1760131749-1000" /v ProfileImagePath
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Office\16.0\Common\Licensing" /f
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Office\16.0\Common\Licensing" /f /reg:32
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Licensing" /f
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Licensing" /f /reg:32
C:\Windows\System32\reg.exe
reg delete HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v SharedComputerLicensing /f
C:\Windows\System32\reg.exe
reg delete HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v SharedComputerLicensing /f /reg:32
C:\Windows\System32\reg.exe
reg delete HKLM\SOFTWARE\Microsoft\Office\15.0\ClickToRun\Configuration /v SharedComputerLicensing /f
C:\Windows\System32\reg.exe
reg delete HKLM\SOFTWARE\Microsoft\Office\15.0\ClickToRun\Configuration /v SharedComputerLicensing /f /reg:32
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration" /f *.DeviceBasedLicensing 2>nul | findstr REG_
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration" /f *.DeviceBasedLicensing
C:\Windows\System32\findstr.exe
findstr REG_
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Office\15.0\Common\OEM" /f
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Office\15.0\Common\OEM" /f /reg:32
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Office\16.0\Common\OEM" /f
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Office\16.0\Common\OEM" /f /reg:32
C:\Windows\System32\reg.exe
reg delete "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies\0ff1ce15-a989-479d-af46-f275c6370663" /f
C:\Windows\System32\reg.exe
reg delete "HKU\S-1-5-20\Software\Microsoft\OfficeSoftwareProtectionPlatform\Policies\0ff1ce15-a989-479d-af46-f275c6370663" /f
C:\Windows\System32\reg.exe
reg delete "HKU\S-1-5-20\Software\Microsoft\OfficeSoftwareProtectionPlatform\Policies\59a52881-a989-479d-af46-f275c6370663" /f
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /v Default" 2>nul
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /v Default
C:\Windows\System32\reg.exe
reg load HKU\DEFTEMP-12688 "C:\Users\Default\NTUSER.DAT"
C:\Windows\System32\reg.exe
reg query HKU\DEFTEMP-12688\Software
C:\Windows\System32\reg.exe
reg add HKU\DEFTEMP-12688\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency /v "TimeOfLastHeartbeatFailure" /t REG_SZ /d "2040-01-01T00:00:00Z" /f
C:\Windows\System32\reg.exe
reg unload HKU\DEFTEMP-12688
C:\Windows\System32\reg.exe
reg delete HKU\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency /f
C:\Windows\System32\reg.exe
reg add HKU\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency /v "TimeOfLastHeartbeatFailure" /t REG_SZ /d "2040-01-01T00:00:00Z" /f
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='0ff1ce15-a989-479d-af46-f275c6370663' and PartialProductKey is not null) get ID /VALUE" 2>nul
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where (ApplicationID='0ff1ce15-a989-479d-af46-f275c6370663' and PartialProductKey is not null) get ID /VALUE
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powershell.exe "(Get-WmiObject -Query 'SELECT ID FROM SoftwareLicensingProduct WHERE ApplicationID=''0ff1ce15-a989-479d-af46-f275c6370663'' AND LicenseStatus=1 AND GracePeriodRemaining=0 AND PartialProductKey IS NOT NULL').ID" 2>nul
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "(Get-WmiObject -Query 'SELECT ID FROM SoftwareLicensingProduct WHERE ApplicationID=''0ff1ce15-a989-479d-af46-f275c6370663'' AND LicenseStatus=1 AND GracePeriodRemaining=0 AND PartialProductKey IS NOT NULL').ID"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " de52bd50-9564-4adc-8fcb-a345c17f84f9" "
C:\Windows\System32\find.exe
find /i "85dd8b5f-eaa4-4af3-a628-cce9e77c9a03"
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where ID='85dd8b5f-eaa4-4af3-a628-cce9e77c9a03' call UninstallProductKey
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo " de52bd50-9564-4adc-8fcb-a345c17f84f9" "
C:\Windows\System32\find.exe
find /i "de52bd50-9564-4adc-8fcb-a345c17f84f9"
C:\Windows\System32\mode.com
mode 76, 33
C:\Windows\System32\choice.exe
choice /C:123456789H0 /N
C:\Windows\System32\mode.com
mode 98, 30
C:\Windows\System32\cmd.exe
cmd /c "wmic path Win32_ComputerSystem get CreationClassName /value"
C:\Windows\System32\find.exe
find /i "computersystem"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_ComputerSystem get CreationClassName /value
C:\Windows\System32\sc.exe
sc start sppsvc
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$job = Start-Job { (Get-WmiObject -Query 'SELECT * FROM SoftwareLicensingService').Version }; if (-not (Wait-Job $job -Timeout 30)) {write-host 'sppsvc is not working correctly. Help - https://massgrave.dev/troubleshoot'}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c ver
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE" 2>nul
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\ClickToRun /v InstallPath" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\ClickToRun /v InstallPath
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v Platform" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v Platform
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ClientFolder" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ClientFolder
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v AudienceId" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v AudienceId
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ClientCulture" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ClientCulture
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ClientVersionToReport" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ClientVersionToReport
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v VersionToReport" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v VersionToReport
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v AudienceData" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v AudienceData
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs /v ActiveConfiguration" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs /v ActiveConfiguration
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "HKLM\SOFTWARE\Microsoft\Office\ClickToRun" "
C:\Windows\System32\find.exe
find /i "Wow6432Node"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs\50013EA2-E284-4D73-9D7F-3962DA10F878" /f ".16" /k 2>nul | findstr /i "Retail Volume"
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs\50013EA2-E284-4D73-9D7F-3962DA10F878" /f ".16" /k
C:\Windows\System32\findstr.exe
findstr /i "Retail Volume"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo 16.0.12527.20470 16.0.12527.20482 "
C:\Windows\System32\findstr.exe
findstr "16.0.103 16.0.104 16.0.105"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo 16.0.12527.20470 16.0.12527.20482 "
C:\Windows\System32\findstr.exe
findstr "16.0.14332"
C:\Windows\System32\mode.com
mode 76, 25
C:\Windows\System32\choice.exe
choice /C:123450 /N
C:\Windows\System32\mode.com
mode 76, 33
C:\Windows\System32\choice.exe
choice /C:123456789H0 /N
C:\Windows\System32\mode.com
mode 76, 25
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c tasklist | findstr /I ".exe" 2>nul
C:\Windows\System32\tasklist.exe
tasklist
C:\Windows\System32\findstr.exe
findstr /I ".exe"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-msaccess.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-excel.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-groove.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-lync.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-onenote.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-outlook.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-powerpnt.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-winproj.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-mspub.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-visio.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-winword.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-lime.exe-"
C:\Windows\System32\choice.exe
choice /C:1230 /N
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://massgrave.dev/genuine-installation-media
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb4e193cb8,0x7ffb4e193cc8,0x7ffb4e193cd8
C:\Windows\System32\mode.com
mode 76, 25
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c tasklist | findstr /I ".exe" 2>nul
C:\Windows\System32\tasklist.exe
tasklist
C:\Windows\System32\findstr.exe
findstr /I ".exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,7219532480772302226,7259413889571951952,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,7219532480772302226,7259413889571951952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,7219532480772302226,7259413889571951952,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7219532480772302226,7259413889571951952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7219532480772302226,7259413889571951952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-msaccess.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-excel.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-groove.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-lync.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-onenote.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-outlook.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-powerpnt.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-winproj.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-mspub.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-visio.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-winword.exe-"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo -smss.exe- -csrss.exe- -wininit.exe- -csrss.exe- -winlogon.exe- -services.exe- -lsass.exe- -svchost.exe- -fontdrvhost.exe- -fontdrvhost.exe- -svchost.exe- -svchost.exe- -dwm.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -spoolsv.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sysmon.exe- -svchost.exe- -svchost.exe- -svchost.exe- -sihost.exe- -svchost.exe- -unsecapp.exe- -explorer.exe- -svchost.exe- -svchost.exe- -SearchHost.exe- -RuntimeBroker.exe- -RuntimeBroker.exe- -svchost.exe- -dllhost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -OfficeClickToRun.exe- -svchost.exe- -dllhost.exe- -svchost.exe- -svchost.exe- -svchost.exe- -chrome.exe- -powershell.exe- -conhost.exe- -cmd.exe- -conhost.exe- -powershell.exe- -cmd.exe- -WmiPrvSE.exe- -svchost.exe- -sppsvc.exe- -msedge.exe- -msedge.exe- -cmd.exe- -tasklist.exe- -findstr.exe- "
C:\Windows\System32\find.exe
find /i "-lime.exe-"
C:\Windows\System32\choice.exe
choice /C:1230 /N
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,7219532480772302226,7259413889571951952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
C:\Windows\System32\mode.com
mode 76, 33
C:\Windows\System32\choice.exe
choice /C:123456789H0 /N
C:\Windows\System32\mode.com
mode 76, 30
C:\Windows\System32\choice.exe
choice /C:120 /N
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://massgrave.dev/genuine-installation-media
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb4e193cb8,0x7ffb4e193cc8,0x7ffb4e193cd8
C:\Windows\System32\mode.com
mode 76, 30
C:\Windows\System32\choice.exe
choice /C:120 /N
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,3940758165821791225,7323429078584335435,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,3940758165821791225,7323429078584335435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,3940758165821791225,7323429078584335435,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3940758165821791225,7323429078584335435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3940758165821791225,7323429078584335435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,3940758165821791225,7323429078584335435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 /prefetch:8
C:\Windows\System32\mode.com
mode 76, 33
C:\Windows\System32\choice.exe
choice /C:123456789H0 /N
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4e4acc40,0x7ffb4e4acc4c,0x7ffb4e4acc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=1948 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1776,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=2016 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=1700 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=3124 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=3172 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3592,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4424 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4592,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4584 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4720 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4692,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4684 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4924,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4952 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4972,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4968 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4884 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4576,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5144 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5064,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4920 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5240,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5084 /prefetch:2
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff670c04698,0x7ff670c046a4,0x7ff670c046b0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4788,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3112,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3152,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4572 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5484,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4724 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5160,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=4564 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4960,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5600 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5728,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5880,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5900,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=6024 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6164,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=6328 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6264,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=6332 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6176,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=6236 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6464,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=6616 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6760,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=6792 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6512,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=6932 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7096,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7052 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7228,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7112 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7068,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7368 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7380,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7356 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7648,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7512 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7536,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7684 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7668,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7832 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7808,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8088 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8096,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8232 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8240,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8264 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8408,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8508 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8536,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8652 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8784,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8804 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8808,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8844 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=8852,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9092 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=9080,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9220 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=9388,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9116 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=9520,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9272 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=9564,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9672 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=9820,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9664 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=9828,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9968 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=9988,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=10120 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=9992,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=10268 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=10552,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8540 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=10624,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=10648 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=10388,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=10296 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=9252,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9248 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=10908,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=10948 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=10004,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11052 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=11244,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11228 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=11344,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=10244 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=11488,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11452 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=11604,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11624 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=11456,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11752 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=11932,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11940 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=12060,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12088 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=12220,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12240 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=12324,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12340 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=11888,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12524 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=3700,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=6288 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=12480,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12644 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=12876,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12864 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B4 0x00000000000004D0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=12092,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12076 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=12204,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12196 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=12136,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12148 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=5996,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8048 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=11104,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11160 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=9632,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=9236,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7984 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=11464,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12584 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=9312,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9372 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=9232,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12620 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=12192,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11000 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8212,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5968 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8036,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7284 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=12472,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=5260,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=12168,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8412 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10472,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9316 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9956,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5028 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=8712,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9608 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=10936,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12584 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=10792,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8744 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=1476,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=8744 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=7788,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5944 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --field-trial-handle=6292,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=6064 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --field-trial-handle=5668,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --field-trial-handle=12268,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9860 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --field-trial-handle=12376,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12232 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --field-trial-handle=7572,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=7596 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --field-trial-handle=5496,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=9664 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --field-trial-handle=5552,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11920 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --field-trial-handle=12300,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --field-trial-handle=5572,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=12652 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --field-trial-handle=11892,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11944 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --field-trial-handle=12644,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=11576 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --field-trial-handle=7420,i,17625049473618779134,9396071992740956027,262144 --variations-seed-version=20241112-180131.892000 --mojo-platform-channel-handle=3780 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\OutMerge.bat" "
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| GB | 142.250.187.202:443 | ogads-pa.googleapis.com | tcp |
| GB | 142.250.187.238:443 | apis.google.com | tcp |
| GB | 142.250.187.202:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| GB | 216.58.204.78:443 | chrome.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 216.58.212.193:443 | clients2.googleusercontent.com | tcp |
| GB | 216.58.204.78:443 | chrome.google.com | tcp |
| GB | 2.18.66.43:443 | tcp | |
| GB | 2.18.66.43:443 | tcp | |
| GB | 92.123.128.179:443 | www.bing.com | tcp |
| GB | 92.123.128.179:443 | www.bing.com | tcp |
| GB | 92.123.128.179:443 | www.bing.com | tcp |
| GB | 92.123.128.179:443 | www.bing.com | tcp |
| GB | 92.123.128.179:443 | www.bing.com | tcp |
| GB | 92.123.128.179:443 | www.bing.com | tcp |
| US | 20.189.173.16:443 | browser.pipe.aria.microsoft.com | tcp |
| GB | 92.123.128.174:443 | www.bing.com | tcp |
| US | 104.21.22.3:443 | massgrave.dev | tcp |
| US | 104.21.24.156:443 | git.activated.win | tcp |
| US | 104.21.22.3:443 | massgrave.dev | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.21.22.3:443 | massgrave.dev | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | udp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| GB | 142.250.200.46:443 | consent.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | udp |
| GB | 216.58.212.193:443 | clients2.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 2.213.58.216.in-addr.arpa | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | tcp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.200.46:443 | consent.google.com | tcp |
| GB | 142.250.200.46:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | api.whatismyip.com | udp |
| US | 104.27.206.92:443 | cf.whatismyip.com | tcp |
| US | 104.27.206.92:443 | cf.whatismyip.com | tcp |
| US | 34.117.39.86:443 | api.whatismyip.com | tcp |
| FR | 18.245.175.17:443 | global.proper.io | tcp |
| US | 104.27.206.92:443 | cf.whatismyip.com | udp |
| US | 8.8.8.8:53 | 92.206.27.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.39.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.175.245.18.in-addr.arpa | udp |
| FR | 52.222.169.13:443 | widget.sellwild.com | tcp |
| DE | 18.155.145.44:443 | live.primis.tech | tcp |
| US | 104.27.207.92:443 | cf.whatismyip.com | tcp |
| US | 104.17.248.203:443 | unpkg.com | tcp |
| US | 13.107.253.65:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | cache.sellwild.com | udp |
| BE | 142.250.110.156:443 | stats.g.doubleclick.net | tcp |
| GB | 172.217.169.3:443 | www.google.co.uk | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| FR | 18.245.175.17:443 | global.proper.io | tcp |
| FR | 18.155.129.13:443 | cache.sellwild.com | tcp |
| FR | 18.155.129.13:443 | cache.sellwild.com | tcp |
| US | 104.22.4.69:443 | a.ad.gt | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | tcp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| FR | 18.244.28.126:443 | abcheck.proper.io | tcp |
| FR | 18.244.28.126:443 | abcheck.proper.io | tcp |
| US | 13.107.21.237:443 | c.bing.com | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| DE | 91.228.74.200:443 | secure.quantserve.com | tcp |
| US | 172.64.154.78:443 | static.vidazoo.com | tcp |
| US | 44.242.127.23:443 | bids.proper.io | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| GB | 216.58.204.78:443 | fundingchoicesmessages.google.com | tcp |
| FR | 18.244.28.79:443 | rules.quantcount.com | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| GB | 216.58.204.78:443 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.225:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 92.207.27.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.248.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.110.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.4.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.129.74.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.28.244.18.in-addr.arpa | udp |
| GB | 216.58.204.78:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.129.153.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.127.242.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| IE | 54.229.42.39:443 | ce.lijit.com | tcp |
| GB | 87.248.114.12:443 | ups.analytics.yahoo.com | tcp |
| DE | 18.155.145.44:443 | live.primis.tech | udp |
| FR | 18.245.194.122:443 | c.amazon-adsystem.com | tcp |
| FR | 18.245.194.122:443 | c.amazon-adsystem.com | tcp |
| FR | 3.165.113.121:443 | player.propervideo.io | tcp |
| US | 172.64.154.78:443 | static.vidazoo.com | tcp |
| GB | 2.22.249.19:443 | pxdrop.lijit.com | tcp |
| NL | 35.214.136.108:443 | x.bidswitch.net | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 18.233.249.147:443 | reachms.bfmio.com | tcp |
| FR | 18.244.28.86:443 | hb.yellowblue.io | tcp |
| US | 69.166.1.32:443 | apex.go.sonobi.com | tcp |
| US | 69.166.1.32:443 | apex.go.sonobi.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | ssc.33across.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| DE | 37.252.171.21:443 | ib.adnxs.com | tcp |
| DE | 37.252.171.21:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| DE | 18.159.212.21:443 | btlr.sharethrough.com | tcp |
| DE | 18.159.212.21:443 | btlr.sharethrough.com | tcp |
| FR | 52.84.174.40:443 | config.aps.amazon-adsystem.com | tcp |
| US | 89.187.176.167:443 | ssc.33across.com | tcp |
| US | 89.187.176.167:443 | ssc.33across.com | tcp |
| US | 89.187.176.167:443 | ssc.33across.com | tcp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| US | 161.35.253.186:443 | prebid.cootlogix.com | tcp |
| US | 161.35.253.186:443 | prebid.cootlogix.com | tcp |
| US | 161.35.253.186:443 | prebid.cootlogix.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| IE | 52.208.154.107:443 | ap.lijit.com | tcp |
| IE | 52.211.233.195:443 | g2.gumgum.com | tcp |
| IE | 52.211.233.195:443 | g2.gumgum.com | tcp |
| IE | 52.211.233.195:443 | g2.gumgum.com | tcp |
| IE | 52.211.233.195:443 | g2.gumgum.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 35.214.136.108:443 | x.bidswitch.net | udp |
| US | 52.25.90.190:443 | usync.proper.io | tcp |
| FR | 52.222.159.154:443 | aax.amazon-adsystem.com | tcp |
| FR | 52.222.159.154:443 | aax.amazon-adsystem.com | tcp |
| US | 52.25.90.190:443 | usync.proper.io | tcp |
| GB | 2.22.249.19:443 | pxdrop.lijit.com | tcp |
| US | 8.8.8.8:53 | api.intentiq.com | udp |
| US | 8.8.8.8:53 | sync.intentiq.com | udp |
| GB | 3.162.20.127:443 | cdn.browsiprod.com | tcp |
| GB | 104.78.175.230:443 | secure.cdn.fastclick.net | tcp |
| FR | 172.234.57.28:443 | aps.zqtk.net | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| FR | 18.155.129.56:443 | tags.crwdcntrl.net | tcp |
| GB | 216.58.212.193:443 | 13778806bcf109121abab5b7588f5a04.safeframe.googlesyndication.com | tcp |
| US | 45.77.157.114:443 | wserver.vidazoo.com | tcp |
| US | 104.22.53.173:443 | cdn.hadronid.net | tcp |
| FR | 13.249.9.80:443 | sync.intentiq.com | tcp |
| FR | 99.86.91.52:443 | api.intentiq.com | tcp |
| GB | 142.250.200.33:443 | ep2.adtrafficquality.google | tcp |
| US | 44.225.22.39:443 | events.browsiprod.com | tcp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| FR | 3.162.38.114:443 | yield-manager.browsiprod.com | tcp |
| US | 18.211.222.87:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 8.8.8.8:53 | mb9eo.publishers.tremorhub.com | udp |
| US | 8.8.8.8:53 | cs.media.net | udp |
| US | 8.8.8.8:53 | video.primis.tech | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| GB | 2.23.204.244:443 | ads.pubmatic.com | tcp |
| US | 35.71.131.137:443 | match.adsrvr.org | tcp |
| IE | 18.202.187.23:443 | bcp.crwdcntrl.net | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| GB | 142.250.187.194:443 | pubads.g.doubleclick.net | tcp |
| GB | 2.23.220.28:443 | cs.media.net | tcp |
| US | 3.165.148.106:443 | video.primis.tech | tcp |
| FR | 154.54.250.81:443 | ads.stickyadstv.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| GB | 142.250.187.194:443 | pubads.g.doubleclick.net | udp |
| NL | 35.214.175.96:443 | csync.loopme.me | tcp |
| FR | 3.165.136.123:443 | sync-gdpr.intentiq.com | tcp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | udp |
| FR | 3.165.136.123:443 | sync-gdpr.intentiq.com | tcp |
| IE | 52.95.122.74:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| US | 167.172.230.145:443 | ads.bidstreamserver.com | tcp |
| US | 167.172.230.145:443 | ads.bidstreamserver.com | tcp |
| US | 34.238.78.119:443 | mb9eo.publishers.tremorhub.com | tcp |
| GB | 142.250.179.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.179.225:443 | tpc.googlesyndication.com | tcp |
| GB | 18.172.88.52:443 | rtb.primis.tech | tcp |
| GB | 216.58.212.226:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 18.217.92.0:443 | amspbs.com | tcp |
| US | 18.217.92.0:443 | amspbs.com | tcp |
| NL | 89.149.193.96:443 | prg.smartadserver.com | tcp |
| NL | 89.149.193.96:443 | prg.smartadserver.com | tcp |
| NL | 89.149.193.96:443 | prg.smartadserver.com | tcp |
| NL | 89.149.193.96:443 | prg.smartadserver.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| NL | 35.214.175.96:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | 123.136.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.253.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.212.159.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.230.157.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.233.211.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.154.208.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.249.233.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.253.35.161.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.176.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.175.78.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.159.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.57.234.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.9.249.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.157.77.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.90.25.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.38.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.204.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.22.225.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.220.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.148.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.131.71.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.187.202.18.in-addr.arpa | udp |
| FR | 163.5.194.35:443 | prebid.a-mo.net | tcp |
| IE | 34.242.121.72:443 | ad.360yield.com | tcp |
| IE | 34.242.121.72:443 | ad.360yield.com | tcp |
| IE | 34.242.121.72:443 | ad.360yield.com | tcp |
| IE | 34.242.121.72:443 | ad.360yield.com | tcp |
| NL | 89.149.193.117:443 | ssbsync-global.smartadserver.com | tcp |
| DK | 37.157.5.132:443 | cm.adform.net | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.200.33:443 | ep2.adtrafficquality.google | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 165.227.88.228:443 | bis3.vidazoo.com | tcp |
| US | 3.165.148.34:443 | eb.proper.io | tcp |
| DE | 18.195.234.25:443 | match.sharethrough.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 198.199.89.226:443 | sync.kueezrtb.com | tcp |
| GB | 18.172.88.34:443 | live.primis.tech | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| US | 104.18.41.106:443 | sync.ingage.tech | tcp |
| GB | 142.250.179.225:443 | tpc.googlesyndication.com | tcp |
| GB | 2.23.204.244:443 | ads.pubmatic.com | tcp |
| FR | 3.165.136.123:443 | sync-gdpr.intentiq.com | tcp |
| GB | 142.250.179.225:443 | tpc.googlesyndication.com | udp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| GB | 2.23.220.28:443 | hbx.media.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| US | 167.172.230.145:443 | ads.bidstreamserver.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | 226.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.92.217.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.175.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.194.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.121.242.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.5.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.148.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.234.195.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.88.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.88.227.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.89.199.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.41.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| DE | 141.95.33.120:443 | id5-sync.com | tcp |
| DE | 162.19.138.120:443 | id5-sync.com | tcp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | udp |
| US | 69.166.1.32:443 | apex.go.sonobi.com | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| US | 134.209.41.179:443 | prebid.bidstreamserver.com | tcp |
| US | 134.209.41.179:443 | prebid.bidstreamserver.com | tcp |
| US | 134.209.41.179:443 | prebid.bidstreamserver.com | tcp |
| US | 134.209.41.179:443 | prebid.bidstreamserver.com | tcp |
| DE | 141.95.33.120:443 | id5-sync.com | tcp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| US | 8.8.8.8:53 | ssp-sync.criteo.com | udp |
| GB | 2.23.220.28:443 | hbx.media.net | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| NL | 178.250.1.57:443 | ssp-sync.criteo.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| FR | 18.164.52.46:443 | s.ad.smaato.net | tcp |
| US | 64.202.112.63:443 | b1sync.zemanta.com | tcp |
| IE | 54.229.148.225:443 | g2.gumgum.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | udp |
| US | 134.209.41.179:443 | prebid.bidstreamserver.com | tcp |
| NL | 89.149.193.84:443 | ssbsync.smartadserver.com | tcp |
| NL | 35.214.136.108:443 | x.bidswitch.net | tcp |
| DE | 18.195.234.25:443 | match.sharethrough.com | tcp |
| US | 8.8.8.8:53 | dsp-ap.eskimi.com | udp |
| US | 8.8.8.8:53 | ad.mrtnsvr.com | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| NL | 35.214.136.108:443 | x.bidswitch.net | udp |
| DE | 37.252.171.21:443 | ib.adnxs.com | tcp |
| IE | 52.17.238.95:443 | match.prod.bidr.io | tcp |
| IE | 52.95.122.74:443 | aax-eu.amazon-adsystem.com | tcp |
| GB | 18.172.88.34:443 | live.primis.tech | udp |
| IE | 54.170.251.59:443 | dsp.360yield.com | tcp |
| DE | 91.228.74.159:443 | cms.quantserve.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 54.144.126.151:443 | sync.srv.stackadapt.com | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| DK | 37.157.3.20:443 | c1.adform.net | tcp |
| DK | 37.157.3.20:443 | c1.adform.net | tcp |
| NL | 193.0.160.130:443 | p.rfihub.com | tcp |
| NL | 188.42.63.48:443 | dsp-ap.eskimi.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| DE | 80.82.210.217:443 | dsp-cookie.adfarm1.adition.com | tcp |
| NL | 35.214.175.96:443 | csync.loopme.me | tcp |
| IE | 52.208.154.107:443 | ap.lijit.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| NL | 193.0.160.130:443 | p.rfihub.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| SE | 13.53.196.230:443 | d5p.de17a.com | tcp |
| US | 23.192.21.141:443 | eus.rubiconproject.com | tcp |
| IE | 52.51.128.45:443 | sync-amz.ads.yieldmo.com | tcp |
| US | 35.186.193.173:443 | ipac.ctnsnet.com | tcp |
| GB | 216.58.212.226:443 | cm.g.doubleclick.net | tcp |
| GB | 216.58.212.226:443 | cm.g.doubleclick.net | tcp |
| GB | 216.58.212.226:443 | cm.g.doubleclick.net | tcp |
| US | 35.71.131.137:443 | match.adsrvr.org | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| US | 104.22.50.98:443 | mwzeom.zeotap.com | tcp |
| DK | 77.243.51.121:443 | uipglob.semasio.net | tcp |
| FR | 54.38.113.5:443 | pixel.onaudience.com | tcp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| US | 8.8.8.8:53 | simage2.pubmatic.com | udp |
| NL | 198.47.127.205:443 | simage2.pubmatic.com | tcp |
| NL | 198.47.127.205:443 | simage2.pubmatic.com | tcp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| GB | 216.58.212.226:443 | cm.g.doubleclick.net | udp |
| FR | 163.5.194.35:443 | prebid.a-mo.net | tcp |
| US | 34.13.138.208:443 | um.simpli.fi | tcp |
| IE | 54.229.42.39:443 | ce.lijit.com | tcp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.160.0.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.63.42.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.3.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.210.82.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.126.144.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.251.170.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.192.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.193.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.50.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.113.38.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.51.243.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.128.51.52.in-addr.arpa | udp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| IE | 34.251.26.95:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 151.101.65.108:443 | acdn.adnxs.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 64.227.64.62:443 | match.adsby.bidtheatre.com | tcp |
| NL | 63.215.202.140:443 | pubmatic-match.dotomi.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| DE | 3.122.214.165:443 | ps.eyeota.net | tcp |
| NL | 89.149.193.105:443 | rtb-csync.smartadserver.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| IE | 34.240.236.190:443 | ads.yieldmo.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 35.171.195.136:443 | aorta.clickagy.com | tcp |
| FR | 13.249.9.36:443 | sync.serverbid.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| IE | 34.240.236.190:443 | ads.yieldmo.com | tcp |
| IE | 34.247.233.198:443 | usersync.gumgum.com | tcp |
| GB | 185.64.190.81:443 | image4.pubmatic.com | tcp |
| GB | 185.64.190.81:443 | image4.pubmatic.com | tcp |
| IE | 34.247.233.198:443 | usersync.gumgum.com | tcp |
| US | 54.144.126.151:443 | sync.srv.stackadapt.com | tcp |
| US | 54.144.126.151:443 | sync.srv.stackadapt.com | tcp |
| NL | 89.207.16.201:443 | triplelift-match.dotomi.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 8.8.8.8:53 | 11.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.202.215.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.64.227.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.26.251.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.214.122.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 190.236.240.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.9.249.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.233.247.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.195.171.35.in-addr.arpa | udp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 54.144.126.151:443 | sync.srv.stackadapt.com | tcp |
| US | 3.218.135.138:443 | sync.ipredictive.com | tcp |
| US | 8.18.47.7:443 | match.deepintent.com | tcp |
| IE | 34.247.233.198:443 | usersync.gumgum.com | tcp |
| IE | 34.247.233.198:443 | usersync.gumgum.com | tcp |
| JP | 124.146.153.151:443 | tg.socdm.com | tcp |
| GB | 23.215.239.190:443 | secure-assets.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 98.82.156.207:443 | s.amazon-adsystem.com | tcp |
| JP | 124.146.153.151:443 | tg.socdm.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 98.82.156.207:443 | s.amazon-adsystem.com | tcp |
| US | 54.173.20.189:443 | vid-io-iad.springserve.com | tcp |
| US | 104.18.41.104:443 | capi.connatix.com | tcp |
| SI | 195.5.165.20:443 | core.iprom.net | tcp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| US | 8.8.8.8:53 | 20.165.5.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.20.173.54.in-addr.arpa | udp |
| US | 67.202.105.31:443 | de.tynt.com | tcp |
| DK | 37.157.3.20:443 | c1.adform.net | tcp |
| FR | 18.245.199.2:443 | tbd4rmdvjk.execute-api.us-east-1.amazonaws.com | tcp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| IE | 52.215.155.11:443 | cm.adgrx.com | tcp |
| FR | 141.95.171.140:443 | green.erne.co | tcp |
| US | 172.64.150.63:443 | a.tribalfusion.com | tcp |
| DE | 23.88.86.2:443 | matching.truffle.bid | tcp |
| FR | 54.38.113.3:443 | pixel-eu.onaudience.com | tcp |
| IE | 34.252.147.51:443 | sync.crwdcntrl.net | tcp |
| DE | 57.129.39.243:443 | bidberry.net | tcp |
| US | 3.165.148.106:443 | video.primis.tech | udp |
| DE | 23.88.86.2:443 | matching.truffle.bid | tcp |
| GB | 142.250.200.33:443 | ep2.adtrafficquality.google | udp |
| GB | 18.172.88.52:443 | live.primis.tech | udp |
| NL | 35.214.175.96:443 | csync.loopme.me | tcp |
| US | 104.18.36.155:443 | dsum.casalemedia.com | tcp |
| FR | 52.222.159.154:443 | aax.amazon-adsystem.com | tcp |
| NL | 63.215.202.172:443 | amazon-tam-match.dotomi.com | tcp |
| US | 104.18.36.155:443 | dsum.casalemedia.com | udp |
| NL | 89.207.16.140:443 | casale-match.dotomi.com | tcp |
| IE | 52.16.253.227:443 | pm.w55c.net | tcp |
| FR | 18.245.193.37:443 | m.media-amazon.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| FR | 18.245.193.37:443 | m.media-amazon.com | udp |
| IE | 67.220.226.234:443 | aax-eu.amazon-adsystem.com | tcp |
| IE | 67.220.226.234:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 151.101.65.16:443 | images-na.ssl-images-amazon.com | tcp |
| FR | 18.245.175.80:443 | ts.amazon-adsystem.com | tcp |
| IE | 52.18.108.50:443 | aes.eu-west.3px.axp.amazon-adsystem.com | tcp |
| GB | 2.22.249.19:443 | aqfer.lijit.com | tcp |
| DE | 162.55.120.196:443 | matching.truffle.bid | tcp |
| DE | 162.55.120.196:443 | matching.truffle.bid | tcp |
| DE | 37.252.171.21:443 | secure.adnxs.com | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 89.187.176.167:443 | ssc.33across.com | tcp |
| US | 69.166.1.32:443 | apex.go.sonobi.com | tcp |
| DE | 18.159.212.21:443 | btlr.sharethrough.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 172.64.151.101:443 | dsum.casalemedia.com | udp |
| NL | 89.149.193.96:443 | prg.smartadserver.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| US | 34.120.133.55:443 | api.rlcdn.com | udp |
| IE | 54.73.182.240:443 | pn.ybp.yahoo.com | tcp |
| NL | 69.173.156.129:443 | beacon-ams3.rubiconproject.com | tcp |
| GB | 142.250.200.38:443 | s0.2mdn.net | tcp |
| GB | 87.248.114.11:443 | cdn.js7k.com | tcp |
| US | 23.192.20.210:443 | servedby.flashtalking.com | tcp |
| US | 35.80.132.205:443 | pixel.adsafeprotected.com | tcp |
| GB | 87.248.114.12:443 | cdn.js7k.com | tcp |
| FR | 52.222.159.154:443 | aax.amazon-adsystem.com | tcp |
| FR | 52.84.174.120:443 | ajs-assets.ftstatic.com | tcp |
| GB | 142.250.179.225:443 | tpc.googlesyndication.com | udp |
| MX | 192.178.56.35:443 | csi.gstatic.com | tcp |
| MX | 192.178.56.35:443 | csi.gstatic.com | tcp |
| FR | 18.245.193.37:443 | m.media-amazon.com | tcp |
| FR | 18.155.129.117:443 | agen-assets.ftstatic.com | tcp |
| FR | 18.245.175.80:443 | ts.amazon-adsystem.com | tcp |
| MX | 192.178.56.35:443 | csi.gstatic.com | tcp |
| IE | 52.48.243.18:443 | premierinn.demdex.net | tcp |
| FR | 18.244.33.53:443 | images-na.ssl-images-amazon.com | tcp |
| FR | 52.222.169.4:443 | cdn.flashtalking.com | tcp |
| FR | 52.222.169.4:443 | cdn.flashtalking.com | tcp |
| GB | 18.170.252.3:443 | ad-events.flashtalking.com | tcp |
| GB | 18.170.252.3:443 | ad-events.flashtalking.com | tcp |
| GB | 18.172.88.111:443 | static.adsafeprotected.com | tcp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | tcp |
| IE | 52.50.31.191:443 | aes.eu-west.3px.axp.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 4.169.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.243.48.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.252.170.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.88.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.31.50.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dt.adsafeprotected.com | udp |
| US | 54.227.179.134:443 | dt.adsafeprotected.com | tcp |
| US | 54.227.179.134:443 | dt.adsafeprotected.com | tcp |
| US | 54.227.179.134:443 | dt.adsafeprotected.com | tcp |
| US | 54.227.179.134:443 | dt.adsafeprotected.com | tcp |
| US | 54.227.179.134:443 | dt.adsafeprotected.com | tcp |
| MX | 192.178.56.35:443 | csi.gstatic.com | udp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| US | 3.165.148.106:443 | video.primis.tech | udp |
| MX | 192.178.56.35:443 | csi.gstatic.com | udp |
| GB | 142.250.200.14:443 | gcdn.2mdn.net | tcp |
| GB | 74.125.105.134:443 | r1---sn-aigl6nsr.c.2mdn.net | tcp |
| GB | 142.250.200.38:443 | s0.2mdn.net | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| GB | 142.250.200.14:443 | gcdn.2mdn.net | udp |
| GB | 74.125.105.134:443 | r1---sn-aigl6nsr.c.2mdn.net | udp |
| IE | 67.220.226.234:443 | aax-eu.amazon-adsystem.com | tcp |
| IE | 67.220.226.234:443 | aax-eu.amazon-adsystem.com | tcp |
| IE | 67.220.226.234:443 | aax-eu.amazon-adsystem.com | tcp |
| DE | 37.252.171.21:443 | secure.adnxs.com | tcp |
| NL | 89.149.193.96:443 | prg.smartadserver.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | udp |
| US | 89.187.176.167:443 | ssc.33across.com | tcp |
| US | 161.35.253.186:443 | prebid.cootlogix.com | tcp |
| US | 161.35.253.186:443 | prebid.cootlogix.com | tcp |
| US | 161.35.253.186:443 | prebid.cootlogix.com | tcp |
| US | 69.166.1.32:443 | apex.go.sonobi.com | tcp |
| DE | 3.120.207.148:443 | btlr.sharethrough.com | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | udp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| IE | 54.228.54.61:443 | nrb.ybp.yahoo.com | tcp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.46:443 | consent.google.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.200.46:443 | consent.google.com | udp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 89.149.193.96:443 | prg.smartadserver.com | tcp |
| DE | 37.252.171.21:443 | secure.adnxs.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| US | 3.165.148.106:443 | video.primis.tech | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| SG | 34.87.124.238:443 | e2c8.gcp.gvt2.com | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| US | 34.120.133.55:443 | api.rlcdn.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.187.195:443 | beacons.gvt2.com | tcp |
| US | 69.166.1.32:443 | apex.go.sonobi.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| PL | 34.118.72.152:443 | e2c12.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| MX | 172.217.15.3:443 | beacons2.gvt2.com | tcp |
| US | 8.8.8.8:53 | 152.72.118.34.in-addr.arpa | udp |
| DE | 34.89.141.94:443 | e2c16.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.15.217.172.in-addr.arpa | udp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.35:443 | beacons3.gvt2.com | tcp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| DE | 37.252.171.21:443 | secure.adnxs.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| FR | 5.135.209.96:443 | prg.smartadserver.com | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| US | 34.120.133.55:443 | api.rlcdn.com | udp |
| US | 69.166.1.32:443 | apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| US | 8.8.8.8:53 | s1.nordcdn.com | udp |
| GB | 216.58.213.4:443 | www.google.com | udp |
| US | 104.16.208.203:443 | web-api.nordvpn.com | tcp |
| US | 104.16.208.203:443 | web-api.nordvpn.com | tcp |
| US | 104.16.208.203:443 | web-api.nordvpn.com | tcp |
| US | 104.16.156.111:443 | s1.nordcdn.com | tcp |
| US | 104.16.156.111:443 | s1.nordcdn.com | tcp |
| US | 104.16.156.111:443 | s1.nordcdn.com | tcp |
| US | 104.16.156.111:443 | s1.nordcdn.com | tcp |
| US | 104.16.208.203:443 | web-api.nordvpn.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c19.gcp.gvt2.com | udp |
| FR | 52.84.174.97:443 | sb.nordcdn.com | tcp |
| US | 104.16.208.203:443 | cm.nordvpn.com | tcp |
| US | 104.16.208.203:443 | cm.nordvpn.com | tcp |
| CH | 34.65.65.90:443 | e2c19.gcp.gvt2.com | tcp |
| BE | 142.250.110.156:443 | stats.g.doubleclick.net | tcp |
| GB | 172.217.169.3:443 | id.google.com | tcp |
| GB | 216.58.213.4:443 | www.google.com | tcp |
| GB | 142.250.187.195:443 | beacons.gvt2.com | tcp |
| GB | 216.58.213.4:443 | www.google.com | udp |
| GB | 172.217.169.3:443 | id.google.com | udp |
| FR | 52.84.174.97:443 | sb.nordcdn.com | tcp |
| GB | 142.250.178.6:443 | 12123059.fls.doubleclick.net | tcp |
| GB | 142.250.178.6:443 | 12123059.fls.doubleclick.net | udp |
| US | 8.8.8.8:53 | insight.adsrvr.org | udp |
| US | 35.71.131.137:443 | insight.adsrvr.org | tcp |
| FR | 18.244.32.109:443 | js.adsrvr.org | tcp |
| US | 23.192.20.210:443 | servedby.flashtalking.com | tcp |
| FR | 5.135.209.96:443 | prg.smartadserver.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| DE | 37.252.171.21:443 | secure.adnxs.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| FR | 5.135.209.96:443 | prg.smartadserver.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 185.89.210.82:443 | ib.adnxs.com | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| GB | 172.217.169.3:443 | id.google.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.3:443 | id.google.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 185.89.210.82:443 | ib.adnxs.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| FR | 5.135.209.96:443 | prg.smartadserver.com | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 185.89.210.82:443 | ib.adnxs.com | tcp |
| US | 89.187.176.167:443 | ssc.33across.com | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | g2.gumgum.com | udp |
| US | 69.166.1.32:443 | apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | reachms.bfmio.com | udp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| IE | 54.229.148.225:443 | g2.gumgum.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| US | 161.35.253.186:443 | prebid.cootlogix.com | tcp |
| US | 161.35.253.186:443 | prebid.cootlogix.com | tcp |
| US | 161.35.253.186:443 | prebid.cootlogix.com | tcp |
| DE | 3.72.6.211:443 | btlr.sharethrough.com | tcp |
| US | 44.196.243.115:443 | reachms.bfmio.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| DE | 3.78.168.176:443 | tlx.3lift.com | tcp |
| IE | 63.35.111.236:443 | ap.lijit.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| GB | 18.172.88.77:443 | live.primis.tech | udp |
| US | 104.16.208.203:443 | cm.nordvpn.com | udp |
| US | 104.16.208.203:443 | cm.nordvpn.com | udp |
| US | 104.27.206.92:443 | cf.whatismyip.com | udp |
| GB | 172.217.169.3:443 | id.google.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 34.117.39.86:443 | api.whatismyip.com | udp |
| FR | 18.245.175.55:443 | global.proper.io | tcp |
| US | 104.27.207.92:443 | cf.whatismyip.com | udp |
| FR | 18.245.175.55:443 | global.proper.io | tcp |
| US | 13.107.246.65:443 | www.clarity.ms | tcp |
| GB | 216.58.204.78:443 | fundingchoicesmessages.google.com | udp |
| GB | 216.58.204.78:443 | fundingchoicesmessages.google.com | udp |
| FR | 18.244.28.66:443 | abcheck.proper.io | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| FR | 18.245.194.122:443 | c.amazon-adsystem.com | tcp |
| DE | 3.72.6.211:443 | btlr.sharethrough.com | tcp |
| US | 69.166.1.32:443 | apex.go.sonobi.com | tcp |
| US | 44.242.127.23:443 | bids.proper.io | tcp |
| FR | 3.165.113.74:443 | player.propervideo.io | tcp |
| DE | 91.228.74.244:443 | pixel.quantserve.com | tcp |
| US | 3.214.207.9:443 | cs-server-s2s.yellowblue.io | tcp |
| GB | 142.250.187.194:443 | pubads.g.doubleclick.net | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| FR | 172.234.57.28:443 | aps.zqtk.net | tcp |
| DK | 37.157.5.132:443 | cm.adform.net | tcp |
| US | 3.165.148.55:443 | video.primis.tech | udp |
| GB | 87.248.114.11:443 | ups.analytics.yahoo.com | tcp |
| FR | 51.178.195.213:443 | ssbsync-global.smartadserver.com | tcp |
| FR | 3.165.136.96:443 | sync-gdpr.intentiq.com | tcp |
| GB | 142.250.187.194:443 | pubads.g.doubleclick.net | udp |
| US | 44.236.223.253:443 | events.browsiprod.com | tcp |
| FR | 3.162.38.114:443 | yield-manager.browsiprod.com | tcp |
| GB | 142.250.179.225:443 | tpc.googlesyndication.com | udp |
| IE | 54.239.33.159:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 68.183.31.191:443 | wserver.vidazoo.com | tcp |
| US | 34.238.18.166:443 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | tcp |
| US | 8.8.8.8:53 | 244.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.207.214.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.148.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.136.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.195.178.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.223.236.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.33.239.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.31.183.68.in-addr.arpa | udp |
| GB | 216.58.212.193:443 | be6b639257c230621090932e7c80667c.safeframe.googlesyndication.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| US | 159.223.175.97:443 | bis6.vidazoo.com | tcp |
| DE | 141.95.33.120:443 | id5-sync.com | tcp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | udp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| FR | 5.135.209.96:443 | prg.smartadserver.com | tcp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| MX | 192.178.56.35:443 | csi.gstatic.com | udp |
| IE | 54.239.33.159:443 | aax-eu.amazon-adsystem.com | tcp |
| MX | 192.178.56.35:443 | csi.gstatic.com | udp |
| FR | 52.84.180.29:443 | m.media-amazon.com | udp |
| DE | 141.95.33.120:443 | id5-sync.com | tcp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| DE | 162.19.138.120:443 | id5-sync.com | tcp |
| US | 69.166.1.32:443 | apex.go.sonobi.com | tcp |
| DE | 3.72.6.211:443 | btlr.sharethrough.com | tcp |
| FR | 163.5.194.34:443 | sync.a-mo.net | tcp |
| NL | 185.89.210.82:443 | ib.adnxs.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 104.19.158.19:443 | assets.a-mo.net | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| DK | 37.157.5.132:443 | cm.adform.net | tcp |
| FR | 51.178.195.213:443 | ssbsync-global.smartadserver.com | tcp |
| IE | 63.35.111.236:443 | ap.lijit.com | tcp |
| NL | 79.127.227.46:443 | id.rtb.mx | tcp |
| FR | 163.5.194.37:443 | sync.a-mo.net | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| DK | 37.157.3.20:443 | c1.adform.net | tcp |
| US | 52.55.55.106:443 | sync.srv.stackadapt.com | tcp |
| DE | 37.252.172.123:443 | secure.adnxs.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 54.92.246.50:443 | i.liadm.com | tcp |
| FR | 163.5.194.36:443 | sync.a-mo.net | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| GB | 18.172.88.77:443 | live.primis.tech | udp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| IE | 54.229.42.39:443 | ce.lijit.com | tcp |
| US | 34.149.50.64:443 | s.seedtag.com | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| DE | 18.184.206.66:443 | match.sharethrough.com | tcp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| DE | 18.159.85.125:443 | exchange.mediavine.com | tcp |
| FR | 52.222.169.6:443 | widget.sellwild.com | tcp |
| FR | 163.5.194.36:443 | sync.a-mo.net | tcp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 67.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.55.55.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.246.92.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.50.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.206.184.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.85.159.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.169.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 161.35.253.186:443 | prebid.cootlogix.com | tcp |
| US | 161.35.253.186:443 | prebid.cootlogix.com | tcp |
| US | 161.35.253.186:443 | prebid.cootlogix.com | tcp |
| US | 69.166.1.32:443 | apex.go.sonobi.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| DE | 3.72.6.211:443 | btlr.sharethrough.com | tcp |
| DE | 79.127.216.47:443 | id.rtb.mx | tcp |
| NL | 185.89.208.11:443 | prebid.adnxs.com | tcp |
| GB | 185.64.190.84:443 | ow.pubmatic.com | tcp |
| GB | 172.217.169.3:443 | www.google.co.uk | udp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| FR | 163.5.194.30:443 | sync.a-mo.net | tcp |
| GB | 172.217.169.3:443 | www.google.co.uk | udp |
| FR | 163.5.194.30:443 | sync.a-mo.net | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 185.89.210.82:443 | ib.adnxs.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| US | 159.223.175.97:443 | bis6.vidazoo.com | tcp |
| NL | 89.149.193.113:443 | prg.smartadserver.com | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 104.18.36.155:443 | ssum.casalemedia.com | udp |
| US | 89.187.176.167:443 | ssc.33across.com | tcp |
| US | 69.166.1.32:443 | apex.go.sonobi.com | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| DE | 3.72.6.211:443 | btlr.sharethrough.com | tcp |
| NL | 89.149.193.113:443 | prg.smartadserver.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 185.89.210.82:443 | ib.adnxs.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.201.110:443 | google.com | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.179.225:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 69.166.1.32:443 | apex.go.sonobi.com | tcp |
| US | 161.35.253.186:443 | prebid.cootlogix.com | tcp |
| US | 161.35.253.186:443 | prebid.cootlogix.com | tcp |
| US | 161.35.253.186:443 | prebid.cootlogix.com | tcp |
| US | 161.35.253.186:443 | prebid.cootlogix.com | tcp |
| US | 161.35.253.186:443 | prebid.cootlogix.com | tcp |
| US | 161.35.253.186:443 | prebid.cootlogix.com | tcp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 104.18.36.155:443 | ssum.casalemedia.com | udp |
| US | 8.8.8.8:53 | ssc.33across.com | udp |
| US | 8.8.8.8:53 | reachms.bfmio.com | udp |
| US | 8.8.8.8:53 | g2.gumgum.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| US | 79.127.243.242:443 | ssc.33across.com | tcp |
| DE | 3.72.78.234:443 | btlr.sharethrough.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| GB | 172.217.169.3:443 | www.google.co.uk | udp |
| US | 79.127.243.242:443 | ssc.33across.com | tcp |
| US | 79.127.243.242:443 | ssc.33across.com | tcp |
| US | 79.127.243.242:443 | ssc.33across.com | tcp |
| US | 79.127.243.242:443 | ssc.33across.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 104.16.208.203:443 | cm.nordvpn.com | udp |
| GB | 172.217.169.3:443 | www.google.co.uk | udp |
Files
\??\pipe\crashpad_1424_BPKLIRRBOKFWUACM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Temp\scoped_dir1424_1451532125\e194c10a-2ee3-451a-bc74-c877d697ad1f.tmp
| MD5 | da75bb05d10acc967eecaac040d3d733 |
| SHA1 | 95c08e067df713af8992db113f7e9aec84f17181 |
| SHA256 | 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2 |
| SHA512 | 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 1f16a57eaa30cc43c2e6fa6149e73434 |
| SHA1 | 149342500c585fd3a935a69c2681e5c35e7b7d60 |
| SHA256 | 921024c437b401c9b382fc69346ef3c90e0fd01ba4df76e1894b9841d3acc213 |
| SHA512 | fae998d86236c80e4833a01abb5b0b657688c7ac5abd5aec2cc1c28c1f36e193414b7ffb2544c295a41c11e7b5b81aa1ef341caebece80322e8e9afd2eb80740 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | fb64e276b6dd03c069b1141447eec6b0 |
| SHA1 | d87e937a386ce083242994adde74b054327e2505 |
| SHA256 | 18f57a945b4d195fa7cb175398dc936f93002cda8ebc66850b7f18186647333c |
| SHA512 | b8b602c528a15f30581ae0fdd4378d1f7cd91ce3a74bfbaefa31b728acff6fee156d8393ca25e66f093838960d8bea856f23e5fcc5c6b1833bbd245689014784 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\428dcf90-60fd-4cde-9c2d-511a19cbb4f8.tmp
| MD5 | c44490d8a3ff1d4eb7b264a15e33439c |
| SHA1 | e773b3b697ae92cc5dcaed54b903939d930b8c1b |
| SHA256 | 0b48cc9a5870c3d39bbbf97f74ded24daf256a63e9478be8bc1c6424a715e3cf |
| SHA512 | ae230d2298589b440aa6ebb1c7c30e813cbb7ddfc20c9bc85387eaacc27679c59f63aba6a7ed90186aa33a756298c705a742abd501e0c0f1640619e2e73afe80 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 633291c9d16c8b180442aee05c422263 |
| SHA1 | d19a265a4f0c885481bfa10dcf80f36e34e7ce00 |
| SHA256 | b81fe66ecf61794c0a62f612da2095129b331c6c75fb96cf9576417b64e4e47f |
| SHA512 | b994fd38ff282d28088e301aef3184b35f47d383a555f1b24c0e3b26e7080d679ba93d66a69c899ac52f8ad629dd1c2626e8479efcdac3ecec47da5deeaf125c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 48437e5eb99dec5501910620d592ad75 |
| SHA1 | 1bff507ea3a4c51fe3e438a08e8e717cb751a34e |
| SHA256 | 4bf2dd995c6b1f5202d0f5cd365306c33b219d091575448086c6f23bb04a2a12 |
| SHA512 | 838bfc05e12a99110f4009c71aedf3c5d2bcdedd3d60d019e1d1c8e1a35f4ea8535d901613fc74784acd4ceba0dfb24e4580fa4a6db85187f854609bb5e50beb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d38f3e26f48106dccce663eaac790b29 |
| SHA1 | 39880fe3f2d6f7b41ee264fd8df05c3dbd029b5a |
| SHA256 | 3c821429451f634a6df9c29bc4674a019373b863ea67d0e1d2b7e56863bde76c |
| SHA512 | ff00f87aa0d7bc9a8f950a954f800d1c4469f7713c0e76a6dfff0c3681058a078ea5d90aa4be23e0fd41745d3de58c334f6d9f3d06515c60e37df61d74eb3030 |
memory/1328-86-0x00000222EFCB0000-0x00000222EFCD2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_v2ixmam2.r0h.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/1328-95-0x00000222F01E0000-0x00000222F0226000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\01ee8850-5f54-4f4d-b92f-c6967e19b8da.down_data
| MD5 | 5683c0028832cae4ef93ca39c8ac5029 |
| SHA1 | 248755e4e1db552e0b6f8651b04ca6d1b31a86fb |
| SHA256 | 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e |
| SHA512 | aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9af9ac5149073734e6655f895501184c |
| SHA1 | 03902234535eafb35b3cc93023e110ce1db4d186 |
| SHA256 | df9d459f6f5d805f7d6e75faee1568160aeb4079cb31b2f1a43437c15f796e75 |
| SHA512 | c44e2c4055db9704b006f6ddc040e89b1ab9e3e9a2d498e4f80c6ef713382d3a736815cf1531d9ae8f948d7b32d19b346f50297d59b114f201c0d36e4d0d57a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4ad4b60d887976be565c36824ea57478 |
| SHA1 | a9726e3320d9a14ed4e535033d3792f4c7b3079b |
| SHA256 | 39dcb163f70571e38f96a1d996a0b7763056b8e3d017457a4132d63713f9eed5 |
| SHA512 | 2a1d4d8d4ec6dcfccc7d329f1a1a7386735c15c48536035f525077365a7508dbd3baa3aaa299bf4fb22772e98d00e29ae9ba1281cc0a73d07a5c05f9f70d2998 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a77a3d9d247270e8a7bbfc92ac286995 |
| SHA1 | 0fa92d13df211ee07c5235ed7fce7dda9207b261 |
| SHA256 | 15e393c0c9798b933ad899b1f1d7094126c2067b28755319f3bec628bb51205b |
| SHA512 | 41c4966c4f4a46310e1c41341b5c6b4d85143ae75cbfc5edb247f96fba6a3aa48b4f783a23ed47c211b7924b284bd4aa24b77b107c23e594a35469a88256f45c |
memory/1328-132-0x00000222F0400000-0x00000222F05C2000-memory.dmp
C:\Windows\Temp\MAS_7faedfbd-33d9-4432-a020-e7f1421cbfc1.cmd
| MD5 | 18d2897d369dcccfbe3a830f3d9713d4 |
| SHA1 | 6e599542010a457ad00304ad2dfea1db22f08950 |
| SHA256 | f79caa2aa5db0f98031605bd138080f3d7b6a401150ba411c42c09c5956ef126 |
| SHA512 | 00015cbb6794e3f4fe81d1e9d84d8ad11ab614bfa5272c35e1c4db170ddd1369e42dd382af3e3892622660041bcf9fd6b2c0bc8787927d8467d39c4efff63e7f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
| MD5 | e566632d8956997225be604d026c9b39 |
| SHA1 | 94a9aade75fffc63ed71404b630eca41d3ce130e |
| SHA256 | b7f66a3543488b08d8533f290eb5f2df7289531934e6db9c346714cfbf609cf0 |
| SHA512 | f244eb419eef0617cd585002e52c26120e57fcbadc37762c100712c55ff3c29b0f3991c2ffa8eefc4080d2a8dbfa01b188250ea440d631efed358e702cc3fecd |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 5f4c933102a824f41e258078e34165a7 |
| SHA1 | d2f9e997b2465d3ae7d91dad8d99b77a2332b6ee |
| SHA256 | d69b7d84970cb04cd069299fd8aa9cef8394999588bead979104dc3cb743b4f2 |
| SHA512 | a7556b2be1a69dbc1f7ff4c1c25581a28cb885c7e1116632c535fee5facaa99067bcead8f02499980f1d999810157d0fc2f9e45c200dee7d379907ef98a6f034 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 8a9ce637f47cb4acdbef782b0c075292 |
| SHA1 | 61c4f0209f159fae19220a78c4428848c90d0e01 |
| SHA256 | fd949ff64bc93b6bcff447de4f7307dbd4cfb391faf81efe2a845f8349d9b10c |
| SHA512 | 6452ea5fff0d3139dd61de41cb37738a228bd13f7b039aa519acb8ab5f2084c10473415f0d3631a68829e81da3dc6018e37cff3618c48ae358c9a94fa91eb122 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 5a7997b9cd9a9e512ad671443f815627 |
| SHA1 | fb9ad246acd82f99e797297a58134a9d0f997ba4 |
| SHA256 | ca530245f940ad5023933109e6f32d2e3f9b3d79c460affa9ae3105305c073ae |
| SHA512 | 916efb6ce72ee2a6d0a65be247234ae3f05252fc4466ba8bb02b004087a35d3a586174d4fcac767346da35410fd67557900419e1b80174aa3f8d198737b96713 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 473b79b99c60e3035769c12334a2926f |
| SHA1 | f60d7700da1bd3e2798464c6530a8234acc32786 |
| SHA256 | 9451b0f71ce6633418886779391595de60467a96c0294ef0ac340206dcd1a858 |
| SHA512 | 89b975ddba1ad7455eac98a11271e0e79529d018372668f7aeef966134c5a08ac653a06b2eec85f037c61ef8e49818b78299f8d77eaa33c10b50c6403e1786f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a569c389654e062a26fd285b3ff1ec6b |
| SHA1 | 0c8c32b77513d2aeb43b028edfb04e687396029d |
| SHA256 | 9847b63cd562284bfb2d606891ddaefef34fb2983b37cc8e20c6b10519d788f5 |
| SHA512 | acba65f13e1d4a3fdfc4b51663f5e416735f09a6e3df64e28bc9b1627a222db6e5383a60dcbe679a377002efd2bbcd7be87e3172a7099ce2d529ad581f96f748 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2c89b9b7bd1ea74a5103682311e922f5 |
| SHA1 | 7d04398cb3e58748cd981ef1ab2ae3cd57a3d052 |
| SHA256 | f79afadc48255d9e46bd8f3cf5a8bad8fd5569230a68f3bdfdf10a7d8cf57ab9 |
| SHA512 | 5296f49434adbf25afebcf6c5416abf60311a9d8e8acedbc0deb4e8e683a3c95752da06c2ba667c3327108f6384ef1e96aa7851f9777e243f7549a857d30d2d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 31795ba7bb11b6e5f9766e1de7d83779 |
| SHA1 | e1c8d8d3ed3218d7871be4eec3c48e9b1d4ef38d |
| SHA256 | 261ade92bf572ef079ae491d3ee3c722d34516376e005b32364e2dd74c640437 |
| SHA512 | 46b70c624cab8feef5d7a4cfb2979161e0292f9deb100075b0459b1f0a5eb38151a8d2d00e95bddef28149f2b4c420bd9744464f203f3e79b7e65377ffea1582 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a2786e5ca1b4bc3ae656a7aaf96d06fa |
| SHA1 | 6da601cac283055f2071f5c3babd9b3db53f9578 |
| SHA256 | a2d6fa5e1ddcc21e8078a501d8c4a7061425edbaf47776fbc6bda9db1464ebe9 |
| SHA512 | d0add5644824fb06a1357caca3796d611b7323ac024dfe8d3e8039fff5da7729d0563169d0e56435507761090893bab36d56386fe364da153310ac9507768424 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | efbdcb1e96c21b1fa3a8ee282decfaa7 |
| SHA1 | 4b29742350c7851853767013e11d09fb954063ac |
| SHA256 | a2f2f0033d120152c7f43db61e5867c538be686267424e37ebf1f81c2108c41f |
| SHA512 | 8e88e8ff7da00f85b2f2840a94eca8f75f425c8058a6cc86a1681784e5b0370369560a04320dc747602e3fefed9b5af750afef52bcc137944999c1c4f5e8a808 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | b61169c9edc1a98db544cef9bf2252e6 |
| SHA1 | 4403b93c1c9a645874148498d5f517b9612ae500 |
| SHA256 | 381e3cd06ab77d3c83c2289fc0507cf684ebc2b2c8ba978b5a148499b6c831d3 |
| SHA512 | 85f85ac0a6c442534b470df7088d3f358679cd934ce9b9f5f4c006dd7403ad4c20c29ade538970782670da519afbff7bdf1714910651d382fd6059405c6b3268 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | b9d6991ff53b9449c6309c88b29c8ecd |
| SHA1 | b216bee89e62e442573322614cc9ef4670847209 |
| SHA256 | f5d3c064817c82403567234b39eef76a84bea1c8201b7648bdd83ce5a7ffad15 |
| SHA512 | e634d699f9cf9f0c66c954058cba643e8e60bee950bf730677652c3066ce79bfa2d7b8e3de82c9d3d2e8035236fd7c756771a45da072c335611ff9d069f0c44f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | e16230c01991373e9431ebee63505e40 |
| SHA1 | 352ff273303185e7fd3e1c7b8bdec40b5315b3c3 |
| SHA256 | 07632f6f4a596d9119a5c4fde348a9b6c001646849c2409937c42d45e5abc77d |
| SHA512 | 99f240645697825aefaa83d7928044475e5f7866370eedc9ed1dff7891725ec052d974c0a1bf5245367f29774c3694090b2b03f89c0d0270d8cf1eefb30fa034 |
memory/3420-257-0x0000023454050000-0x00000234541C6000-memory.dmp
memory/3420-258-0x00000234543E0000-0x00000234545EA000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5dc94771f074fc66ecaf24bb950dcb07 |
| SHA1 | 90c9a6e324af174c3160a54721b9b4765ccbc876 |
| SHA256 | 00b557abce48e9dde431cb11d5dfd2715fc12f577e4562c9dbf51b4fcc0869d4 |
| SHA512 | 89f01f6b6037b8e21b5fc8edf4840ec25cff33150356055c81aec60d3fa879df372654852a8ad74d785aac95f346cede782ea7bc1de6661a17bf12050cf9de68 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | a234e5a3d3b33dc215ba6cb8a633ccb9 |
| SHA1 | e28da8d6f6a159d6320ed80e6ce56c42499f0c80 |
| SHA256 | 47ea060ca03c816fb95cc64838442bcc5b0288eea663f093b09f1fed0c139102 |
| SHA512 | 9715bdf9b6623e15c98b1b7224ce8f16e1038f1de149caa182f8c3dbccdd2c685dba6fb9b0e425447fac88556edd11e1c574cd9de5314f782aee4687972e78b9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 8df572a0817133b4466d3e8a290a90ef |
| SHA1 | fa72d850ffc8c58d0029177d712209b51060d395 |
| SHA256 | 1dae22de933a5c5deae232e37eb094478ee623d2d21d70937eee35527e2fb708 |
| SHA512 | e3f5032856f285b7c3a474a6fb88aff157967537f8a173bd300b6e0caca113633470af4e2fb145557efad7d42751f08fa5e4c8952a47c7333f8e83e98736535f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 4ff61168764e8d61420df03058f20397 |
| SHA1 | 50fa0cf7645fbfca7d04854aec3c449d0a6ecf5c |
| SHA256 | 58c5418788096c4b56e73782496175326565909923cc68e23868286c040b91b4 |
| SHA512 | 26c02fa0c149fe7825138d1f90fdfda58332a12ed6a2054b90da0fb9a585213b63e6c1982e12c1b557b2bb6ac500d01cd1f647ba5b6759a94c43bd65c62a3e82 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 41e5e27d5dd0bb8f89d1101e2fd04f23 |
| SHA1 | 08d3ddf3ed53ffd507fe562d6bf57114213444ec |
| SHA256 | df6221e3e7a9f17d313f70f83ec0633ace6bbedc1e6ff6a8c39c71e22dbb8378 |
| SHA512 | 20819b915d463bfb5429f240cd83ffb20a4a89ffcc40ca236ffedd2dfa5547dbfdc89e1251d91f9c04d662563a7fb7847481132a3f0a9742e757401907b2aca4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | f9a3fed7674532a6c437cdc562e2cd98 |
| SHA1 | 1afde1020a74c82a995f3ac3fe1ca107b6b926e9 |
| SHA256 | 0cac778b1788102322d0a6c6b84b4bba8de3b3a4b88d6b883ac0e76d066cf6b7 |
| SHA512 | 883d60352705353ca410f46da9857b22ec9b4bca947a156efffa9c812a3faabb66e795e9dbb0947b76dfb9ad9c12a0975c541df96dedc510c29a789505660d0b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 2ed3e93c5ea3cd1214104c7be0e3b5e5 |
| SHA1 | cb1ac632d617f7386fed7c02c4c9803f2e57619a |
| SHA256 | 7c67401d7bacb6154e748233412b4b9331c54eef286a5ea506b1b297faef2461 |
| SHA512 | 4779ab2c814c7b2aa9f204ecbfae1f6d19f1891b5cd9507fc754f5fec12d75e17e2d68c1a3f36ad75217f40c7383bd75cf9f96718a235f6e4b3a2ca7f61155ef |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | adb872a12e371f2404cff901071b9a8a |
| SHA1 | 66f36bf6b6ae95b0087f7d1c8d5190d300126e26 |
| SHA256 | da1c5782779a447f967fda6305e906c24a9c7caa2d0cc8c5e1a6c4f14aae7022 |
| SHA512 | 6119bf9000764b6e502ef69019dc49a2d04980b8dc7199dc95dc94b6811603b645a0211fcbfafaf4226ce2b2d757c25987d96c9a83fc1cd7dc991670a309bab6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | bf75ed68cdedc78a21d970fd42bfe675 |
| SHA1 | 8a63bb6befbe1f3aa995c44b76c9135f1609f6c0 |
| SHA256 | a164d5b76e95adc84156fa9bfca60e9f07fc07145153d2928a77c195e3c629db |
| SHA512 | 3f2db4bbd63316ea9f14f1c305b615af681855ae702561920bdc748239e2baf5142b8f7023abcc6e05c3da9a2e549441d9804fe60622f53f1ed2862b79f73b0d |
C:\ProgramData\Microsoft\Windows\ClipSVC\GenuineTicket\GenuineTicket
| MD5 | 67a8abe602fd21c5683962fa75f8c9fd |
| SHA1 | e296942da1d2b56452e05ae7f753cd176d488ea8 |
| SHA256 | 1d19fed36f7d678ae2b2254a5eef240e6b6b9630e5696d0f9efb8b744c60e411 |
| SHA512 | 70b0b27a2b89f5f771467ac24e92b6cc927f3fdc10d8cb381528b2e08f2a5a3e8c25183f20233b44b71b54ce910349c279013c6a404a1a95b3cc6b8922ab9fc6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | b6c336e3b3cb2cd04d42baac1aa4aa0d |
| SHA1 | 35a943816f3e9cd596e91be92c4bdb1b05a42d88 |
| SHA256 | 4518fb6ffb3f70be78cb243cac94fcf74d9c58d2e7bd8c510ebe696d3f81cb60 |
| SHA512 | 42c4a8f07051ac7c00014ddaa0b0db50bdbcb49a30ae96803e37f3a566c100932367e0a50baead881509ae4a4d49c769513626c5015fe0a02d1d3ae22ca759f4 |
memory/3636-381-0x00000298B4B20000-0x00000298B4B30000-memory.dmp
memory/3636-382-0x00000298B4B20000-0x00000298B4B30000-memory.dmp
memory/5092-384-0x0000028D32C10000-0x0000028D32C20000-memory.dmp
memory/5092-383-0x0000028D32C10000-0x0000028D32C20000-memory.dmp
memory/5092-388-0x0000028D32C10000-0x0000028D32C20000-memory.dmp
memory/3636-390-0x00000298B4B20000-0x00000298B4B30000-memory.dmp
C:\Windows\SystemTemp\temC005.tmp
| MD5 | b13af738aa8be55154b2752979d76827 |
| SHA1 | 64a5f927720af02a367c105c65c1f5da639b7a93 |
| SHA256 | 663ef05eb1c17b68e752a2d1e2dcd0eaa024e4c2ec88a7bc99a59e0aeabdf79b |
| SHA512 | cb774f2729ce6b5cda325417fbad93e952b447fa2e9285375c26eb0fbdb7f4f8b644b1007038caafd6d8ba4efb3cc8c5da307c14e12be3454103d52848a029a4 |
memory/1688-398-0x0000021AA9F20000-0x0000021AA9F30000-memory.dmp
memory/1688-397-0x0000021AA9F20000-0x0000021AA9F30000-memory.dmp
memory/668-400-0x000001EB043D0000-0x000001EB043E0000-memory.dmp
memory/668-399-0x000001EB043D0000-0x000001EB043E0000-memory.dmp
memory/668-404-0x000001EB043D0000-0x000001EB043E0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\temC758.tmp
| MD5 | 6b66b9430f41f128c1819c1e2d70a896 |
| SHA1 | 5b305c83c14521dc33d394a38abdeb8f85d52a3f |
| SHA256 | 6c2326e6d50981ea6499aedb5dde2ae26bc307f984faee51833a0b0d78c4f7e7 |
| SHA512 | e9f2341a17746d4ba99a2041dffb0b82b5b88255aa6a5a60337c2fc696cf5d828c3efaa722cbcfa08f5464a1d97c9d0aaea7eb9ef43a5cb2a15668b3bb3c6558 |
memory/1688-406-0x0000021AA9F20000-0x0000021AA9F30000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 8763501687bb4a9fe9c1e5cf46300f51 |
| SHA1 | 707ffedee9090e87f84cecbdfb2e56301369575d |
| SHA256 | 6c48610e3f917711bb88c066f6cdcfee4a7bf6aaa46f07c614bae0bb964ae848 |
| SHA512 | 68e95316361fd88c665c0561a222e1e9c1580f90ddd545d5e72cda892413bd010195dde0804a3585785aed7a48cbcadf64b62e42b87535d3bef36497c559b0f2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 1e84b6b878dfc86f8ed59df71a52e495 |
| SHA1 | 5b17b7db1fb8062ce94420e6de4d7e58c0ea6232 |
| SHA256 | 3d382407f7e012bd850e70e312a74cec62a5e43c84e8acbaf54382f49caa0f06 |
| SHA512 | 666e28cbca1d5b70cf179ee98acfb1bd1e514c62afa539fa279b5b412f208cbe2e5c91ed98228bcd27bfd5d129b0f3845371583410a0ad1384e44ea3ad184b17 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8bc1854e6797529e6d307ade42f3ad9a |
| SHA1 | 403fd3dcb0ed04e80fd37fe76d0c0556a76a3a9d |
| SHA256 | 46d3c9dbaec5a9a2ffee91e59aa10b532f417cfd2400989809dc68918a670efe |
| SHA512 | f67bf3829b712f0f90a2e441992e7811151beb1ca29ab3939302d73bdc3e20c84276c14681b8b56cc8345c88f03ae51fe0f4f8c2d685bc051cfc5286b0da1eda |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 57abf6ca512e43fe186ce419abf9f81b |
| SHA1 | a47f75b5de71a260f1d68919b9ed9f2e0145720e |
| SHA256 | 02fce44a7208321dd023124e7041c26f36777a1c562043bc97de999ae94dab8b |
| SHA512 | f47bbc731651b03d6cab59c0aab7a93ffb99731c21f8dc31df4f534304e40ba5101b82419dc4c3127458b1f13f0b053124e943bb5f3ba55732482ee7d0755a47 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | d56ec83037d9230c7b3ed19c1a2dd3ea |
| SHA1 | 35e112ad019e333c01e374ed4b34b56435990bd7 |
| SHA256 | f91c24bb3a54565c8338526885ab5944503c8e5e0d02e920b640fbb843872c18 |
| SHA512 | 4a8ac9cfb32df89fe16f8730df5b994b94c066504f22c2fd5cee97bc41358f76d1c10eebd7e2fb445bcab93952ae525062c3cb3c576236bdd9d65b888ec81adb |
C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\DismHost.exe
| MD5 | 17275206102d1cf6f17346fd73300030 |
| SHA1 | bbec93f6fb2ae56c705efd6e58d6b3cc68bf1166 |
| SHA256 | dead0ebd5b5bf5d4b0e68ba975e9a70f98820e85d056b0a6b3775fc4df4da0f6 |
| SHA512 | ce14a4f95328bb9ce437c5d79084e9d647cb89b66cde86a540b200b1667edc76aa27a36061b6e2ceccecb70b9a011b4bd54040e2a480b8546888ba5cc84a01b3 |
C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\DismCorePS.dll
| MD5 | 7f751738de9ac0f2544b2722f3a19eb0 |
| SHA1 | 7187c57cd1bd378ef73ba9ad686a758b892c89dc |
| SHA256 | db995f4f55d8654fc1245da0df9d1d9d52b02d75131bc3bce501b141888232fc |
| SHA512 | 0891c2dedb420e10d8528996bc9202c9f5f96a855997f71b73023448867d7d03abee4a9a7e2e19ebe2811e7d09497bce1ea4e9097fcb810481af10860ff43dfb |
C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\dismprov.dll
| MD5 | 2ac64cc617d144ae4f37677b5cdbb9b6 |
| SHA1 | 13fe83d7489d302de9ccefbf02c7737e7f9442f9 |
| SHA256 | 006464f42a487ab765e1e97cf2d15bfa7db76752946de52ff7e518bc5bbb9a44 |
| SHA512 | acdb2c9727f53889aa4f1ca519e1991a5d9f08ef161fb6680265804c99487386ca6207d0a22f6c3e02f34eaeb5ded076655ee3f6b4b4e1f5fab5555d73addfd7 |
C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\OSProvider.dll
| MD5 | e9833a54c1a1bfdab3e5189f3f740ff9 |
| SHA1 | ffb999c781161d9a694a841728995fda5b6da6d3 |
| SHA256 | ec137f9caebcea735a9386112cf68f78b92b6a5a38008ce6415485f565e5cf85 |
| SHA512 | 0b18932b24c0257c80225c99be70c5125d2207f9b92681fd623870e7a62599a18fa46bcb5f2b4b01889be73aeb084e1b7e00a4968c699c7fdb3c083ef17a49f9 |
C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\LogProvider.dll
| MD5 | c63f6b6d4498f2ec95de15645c48e086 |
| SHA1 | 29f71180feed44f023da9b119ba112f2e23e6a10 |
| SHA256 | 56aca41c62c8d0d1b26db3a01ef6c2da4a6a51fc963eb28411f8f7f029f1bfde |
| SHA512 | 3a634340d8c66cbc1bef19f701d8bdb034449c28afecce4e8744d18181a20f85a17af3b66c8853cecb8be53f69ae73f85b70e45deac29debab084a25eb3c69dc |
C:\Windows\Logs\DISM\dism.log
| MD5 | 38aa5f20c6e6b0dac4ee531f80230acd |
| SHA1 | 49734c0fca522000f9258cd3c04fd606d4ecbc07 |
| SHA256 | 76562d10270cde5c63526b27fbd8fae6e0eef43a94a3b91b87b1a2460c3d5369 |
| SHA512 | 64ac18c55e7b285fa669729aa191d4fd1b1082e819d3049bf0231151b5777408a79bb5c37625f132bd19016acdd64078b259b1631609e4ffe3ab1f2b669207e9 |
C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\TransmogProvider.dll
| MD5 | c1c56a9c6ea636dbca49cfcc45a188c3 |
| SHA1 | d852e49978a08e662804bf3d7ec93d8f6401a174 |
| SHA256 | b20b3eb2df22998fd7f9ff6898ba707d6b8833a8274719a5e09d5148d868faaf |
| SHA512 | f6db05e4644d734f81c2461e4ad49c4e81880c9e4beee13dbbda923360ef6cf4821fccd9040671b86ab2cd8c85fc313c951c1a69e4df14d94268753ce7ae5b2e |
C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\ServicingCommon.dll
| MD5 | 07231bdae9d15bfca7d97f571de3a521 |
| SHA1 | 04aec0f1afcf7732bc4cd1f7aab36e460c325ba6 |
| SHA256 | be75afbbc30cad7235adf03dcc07fcee3c0c330c89b00e326ebbef2e57df5935 |
| SHA512 | 2a46e0657e84481faf5c9d3de410884cb5c6e7b35039f5be04183cdac6c088cc42b12d0097e27836af14699e7815d794ca1cec80960833ab093b8dc6d44e2129 |
C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\ImagingProvider.dll
| MD5 | 4c6d681704e3070df2a9d3f42d3a58a2 |
| SHA1 | a9f6286ac25f17b6b2acd1fce6459b0bc94c6c81 |
| SHA256 | f1bbab35b2602d04d096c8de060b2a5cf802499a937fd1ffe749ff7f54852137 |
| SHA512 | daa0c723312680256c24457162e0ef026b753ba267f3e2755f838e2864a163802c078d8668dd2c2064cb8887f4e382a73d6402a5533b6ac5c3cbf662ad83db86 |
C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\Ffuprovider.dll
| MD5 | a41b0e08419de4d9874893b813dccb5c |
| SHA1 | 2390e00f2c2bc9779e99a669193666688064ea77 |
| SHA256 | 57ce7761531058f3c4289b1240bea6dc06355c9c4b4e88b9c9c0df8012edc5b3 |
| SHA512 | bd370e49da266148d50144c621f6415bdd5358e6274b1d471b8d4ee1888d93774331c3f75e6cb99782f1c8e772981cbc5a4baf5592c6400f340407dc670e547a |
C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\EdgeProvider.dll
| MD5 | c22cc16103ee51ba59b765c6b449bddb |
| SHA1 | b0683f837e1e44c46c9a050e0a3753893ece24ad |
| SHA256 | eb68c7d48f78b46933acba617cf3b5fcb5b8695c8a29295a9fa075f36910825b |
| SHA512 | 2c382aaddeca4efda63162584c4a2338ffcc1f4828362ce7e927e0b39c470f1f66a7933ae2210d63afb5a2ae25412266fde2ee6bdb896c3c030bdc08b67ec54e |
C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\UnattendProvider.dll
| MD5 | 7c61284580a6bc4a4c9c92a39bd9ea08 |
| SHA1 | 4579294e3f3b6c03b03b15c249b9cac66e730d2a |
| SHA256 | 3665872e68264bbf3827c2bf0cfa60124ea1d87912728f2fc3685dce32855cb8 |
| SHA512 | b30b89d0d5e065042811d6ff397d226877ff698aeb1153681692aedabe3730e2f3746ad9d70e3120e336552bab880644f9ead0c91a451197a8f0977a2126a0fe |
C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\OfflineSetupProvider.dll
| MD5 | 3437087e6819614a8d54c9bc59a23139 |
| SHA1 | ae84efe44b02bacdb9da876e18715100a18362be |
| SHA256 | 8b247665218f5151f0d19f59ea902a7c28f745d67a5d51b63b77242ffb4bdd74 |
| SHA512 | 018e88f6c121dd4ecaceb44794e2fa7a44b52ddb22e7a5a30a332905e02065cbc1d1dcddc197676277b22f741195c1b7c4c185d328b096b6560b84e9749d6dde |
C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\WimProvider.dll
| MD5 | bcf8735528bb89555fc687b1ed358844 |
| SHA1 | 5ef5b24631d2f447c58b0973f61cb02118ae4adc |
| SHA256 | 78b742deddee8305ea06d77f296ad9fe0f4b4a27d71b34dcdff8ae199364790c |
| SHA512 | 8b2be4e9a4334a5fc7f7c58579c20974c9194b771f7a872fd8e411d79f45fc5b7657df4c57ad11acb915d5ea5d1f0583c8a981b2c05104e3303b3ee1469b93f5 |
C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\ProvProvider.dll
| MD5 | 2ef388f7769205ca319630dd328dcef1 |
| SHA1 | 6dc9ed84e72af4d3e7793c07cfb244626470f3b6 |
| SHA256 | 4915b0c9cd8dc8a29dd649739974d244f9105dc58725f1da0d592af3b546e2bf |
| SHA512 | b465917424dd98125d080c135c7e222a9485ed7ec89004f9a70e335b800e5b9419fbc932c8069bae9ff126494174cf48e2790030dd22aa2d75b7b9d8ccff752b |
C:\Users\Admin\AppData\Local\Temp\BA2549D1-BB80-48DB-953B-5AA600DAFFD9\Vhdprovider.dll
| MD5 | 8a655555544b2915b5d8676cbf3d77ab |
| SHA1 | 5a7529f8a6d50d3f4e13b2e3a0585f08eb0511a2 |
| SHA256 | d3a2dd7d47bfbb3897b927d1b7230b5b12e5fd7315d687458de15fbb08fb7e27 |
| SHA512 | c6da649ae3c3688065b37bccfb5525ade25ba7bc3b163ad7d61f3b3d1c4957c8fd6c9f2bf23b0dbc4fffe32e980acb5a5d3895b8a012c5ed086e3e38caee2e93 |
C:\Windows\Logs\DISM\dism.log
| MD5 | 39fea68b2ef2dad7d170c2651e2e9228 |
| SHA1 | 79d281de2a1517ad781545a15d65618067b88909 |
| SHA256 | 119d14c146c1755c9c1618d1b8026b4dde0ee00a831c88ca6174d2aad492fff6 |
| SHA512 | 21b12798adba1132237edcdd8393b8791dd409e029f31e648c9c193850bade9878f1af5c915fb02c0c3c642b96471cb8b7eb6ce951068c484f543ad806e6d5f6 |
memory/3708-1281-0x0000019DB6130000-0x0000019DB6156000-memory.dmp
memory/3708-1280-0x0000019D9D7F0000-0x0000019D9D7FA000-memory.dmp
memory/3708-1279-0x0000019DB60A0000-0x0000019DB60BC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 02a4b762e84a74f9ee8a7d8ddd34fedb |
| SHA1 | 4a870e3bd7fd56235062789d780610f95e3b8785 |
| SHA256 | 366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da |
| SHA512 | 19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0291e93d-5e8a-42ca-bdd0-74837f2758a9.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 826c7cac03e3ae47bfe2a7e50281605e |
| SHA1 | 100fbea3e078edec43db48c3312fbbf83f11fca0 |
| SHA256 | 239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab |
| SHA512 | a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2bef0052b33414424f380aa39a1d1989 |
| SHA1 | d676a8bc5f804b77b010ae21ad30067251d5f79b |
| SHA256 | 92af44067157e4d90c57eaa8aa6cbf5a680edb7d7fa3c47a2a50bba25d27e58b |
| SHA512 | 4803847bc83ed8e3a0a19f7a30405bd4bafa9e5d2bb15cd11f10b9e74b9fb83d9956bfec1b9ae5093dac5a84ad60114275808ab1669cdd76cb24f93b336a81be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3fc4689ada1e5dd24e4d5f9224c54300 |
| SHA1 | 4765296779b2ce258e4043b7a65a84c9ff076c08 |
| SHA256 | 47b1fa930d2368630628845546015569ab07560d2a1f18cb6903635769f414ed |
| SHA512 | 1709798fc47ae4f252f195b75da7d6e3d1ab93c8dbc2661e6c63aaf2c8cab66c9bc70ad1d01d766fc260e8a8d6e0700a612cdb99f82b0b1d0d6673b0a15b063b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 05f80a840e35e61a05832b33d8552a1e |
| SHA1 | 9eea718d08883bcf229a03d865752ff2f81c64e3 |
| SHA256 | 0693f5bbaa02c336bbbb5404f7765fbb71177b00506196b790c5e4e4d110da42 |
| SHA512 | 25c48740f5517df4081247f11870c8ab745099db2b46f8541f3dd105edd39361ef1d5ef20a1f01beea8954b2075793c8a6ef448f781b1e406656b78f5336547e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b6e1551464141c18f085ff4a6e8bee15 |
| SHA1 | 039ec443e400a75a6f791d51696bf1ec56648533 |
| SHA256 | 1d629cfdc32cef3569df88266e333eeb6b47e15c5db110ec1ea9481692024806 |
| SHA512 | a0f121e700b48518d1a33f1e8f81ab51af903c28aebe38c9f65b5799bc34a4d30523606a262b0dda9b7cb0cb5b497920abe5417ec2af456ba91220b0b044b03d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cc1db319db6494c9f2f5781ea54ef3e6 |
| SHA1 | c013d78e636f104fdc81e2777ee4f35aed65aff6 |
| SHA256 | 5bfafa93c8e62743f5f4cfe7989cd183504ecc5de4bd36cb8b4308205637858c |
| SHA512 | daf7e6fa5babbcc649af0bc3e44fc9a7d87c7a9c9d99a49e004401aaac612163903882a80b732c7e35938cf78abfc5499507c36a33f4a37035f9ec0ed79ac10e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 86235b5a657c7552bc3756e084e5e446 |
| SHA1 | e1eab22f8110f03152c78e03fa19347b417507e4 |
| SHA256 | 1b850c834606bdc26fa5ec11f0b132231655cf1db24a8bc6e71a98346b3b0d33 |
| SHA512 | a4ecf9d08a29cb372148beff4e4ece969b5a78713d5e36750231862658a5d0f4287cebf1ab67f74d0459f00f95ffed3961762d4fb603462e41d191616e7517eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 01451050468e94373d45a5808a86d6a5 |
| SHA1 | adfe94988a7fb026776d5ed95a8199536a9da911 |
| SHA256 | 30ec92905e2705875ee6668c761f9f0fb4b5e1e67af42fdec513f847b4dfe229 |
| SHA512 | 44a3230da39bfcbd2ddc5de94cdbd97c6249b65720f6f8b2515a3dc4ce142220b0758e8dc490451323569bbf9090fee97157493aa08d8329d7b123c82cdae12f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ba91cd4ddf8e3d35841d63d76f9273e4 |
| SHA1 | 73cbf563839184985f8d8744dcb5d08812afaebf |
| SHA256 | 3e18910ebfc4a2c0abaafa593b2184147bcdbdc0aa4f3a92cd72323c0834d411 |
| SHA512 | 406f14baa7859804d0aef20fc70bdd450b961898de0243d7924460634d9e91b8960a1883c4c956aa7686bd87146d4c155e70c69c2bbca5d43dc1c3fe2fb6722b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fe8304596858c3e839c02481d6546259 |
| SHA1 | dd0d686da46f3bb0c9945d3e69bb3182c88d6d7c |
| SHA256 | 03ba521a9d5c0f0351d64c9ed393f59b72ff339717409d6663bda0fe9b5210f5 |
| SHA512 | fa107ffa198dcd101065596b1d17f18f0b9612a691d6427a0cb7f27665a45cda8eb11672d4e8d3120e752b75e6fa5bd91c00f85eb49616beb28d99c564f44643 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c4d3f1278d890f7e9e9f4214319c73e0 |
| SHA1 | c0320b0733f838c3b5592d050e29711d7ca431b6 |
| SHA256 | ba6af667b4f548dda26087dbb447e9e8d90f1a16e7d859b396f9c9bea44242c4 |
| SHA512 | acb649008557b3173ff108a03d2175c806218533c3e885032e3e6d88ce04e25a4a76e2c161af348405bb651276a8a407b2c9ffff83f1548e4a6bbaed17e16856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 13a6af0d3b2ef210995717a9fa1d3820 |
| SHA1 | 3b8ca7d2dc19bca101636dad0b3941716095d64d |
| SHA256 | f3cfa6bbe1860dfc8a2a90cedc9f8d8dce121c559a0041fdf25363117b38f2e9 |
| SHA512 | af6125ed08a9e9a9a0607ca8c3809541c9e79d75624768112a078b3f17ecf6d540ee8197e641343dfe07556b8266554d1a598d00728516dd85a3b573fac4faeb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fd221380f1161fb70c9a0c6bc8375645 |
| SHA1 | 3a5dae65f7913fdc7326b2113c4cfd127fee29ff |
| SHA256 | 1c2e43efc6fa17d44ccbf973b255cfb263aa72e05250ad30f7926157d6806aba |
| SHA512 | c5b0738dbb5adb16882f6b36194732fcf2372af558d9ca782f463524026b8c35a32306be2518e8b2a55a232fda1fe5875e009a1ca6d46d99146a383778b590e4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 79e90b79849ab24f7077995c4e45f1d5 |
| SHA1 | 3dae744f25bcaa1b690d61b789a8b1e58a790953 |
| SHA256 | 3d2a7a2b6c89618f30d26fd5dac9ff7d52d6cf1d3651fd7aaa1d1229464b1507 |
| SHA512 | 6169379e245102bc4b1ff74bc2c7cf356f24fdef55e5f3f8a7323da36f6ca92f1ec38bf230cacecc89c33e12e1b201de417a570a998f31cb281bed3ae8f8deb1 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2772_288494346\CRX_INSTALL\manifest.json
| MD5 | 2d15a6576d5d85222f9f367c286205d5 |
| SHA1 | a51fccba42570f45a57b3e3951da75eb553eeb81 |
| SHA256 | 31e923ef15ac783399d5a4ca5c67e96342cf7f18437843e2a3f55b551c6dbce6 |
| SHA512 | 92217626f79111b1329a3c91ac4923354aa8fc31fd7ba7428a256e9acb35825d6ea28fde02b4ae44914adf359b3dd11d16f274040dd8e675f2aba66139b52661 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2772_288494346\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ea6f2764dc7249e222c04e3a90f6811f |
| SHA1 | 2c361f8f93bc279182e683da75a0aa7930633088 |
| SHA256 | 0c382208d22f3c15e0452c2f891cab74abd6b0bb936c5d03929c65d550319c37 |
| SHA512 | 95cd79c1932c19a791d8a5692c2604f156fcf8ffd091ed69979a1e5cfa8c4ee2956b2af1c064991f778f88a8e8751474313d340f2f2898d8483165656727da0a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7f954459f84b3c92d3e71bdf8d0df094 |
| SHA1 | 5247b2ba0233b5c0beeb88af9310b09b922e146c |
| SHA256 | 6653e795673d0da3f0751711673f749e1a195721579c1390f3bc7d6193632e7f |
| SHA512 | eca90c4c44074da0542f7b5ab4c78a5448a3ea2d39c7d5d7f670dcfed6dafdde9ca7ec2fc2116a0bb94b59c20cba5eaa053a9789c7135b1df9d9c758934a3419 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dbe74add18c97d938adc89fda801991f |
| SHA1 | bd2db054387be26b86310e402d597095b17534e3 |
| SHA256 | f4335287747e90c48fb6c9859c7eaabc05d1530b74428a0aeea3ba078236e77f |
| SHA512 | 81cfda8902b848d2e2b8adebaffa140bb5bb23305c92b0aa7c7b1397793191bf22f66a623be40c9da2e65ebc575ce6c7009dde85a51f71916aacc773806380ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 596958fdf8e4274b5a7b357ba777344c |
| SHA1 | 3df8a6e0afbfe14505847026cd14e3b6c49030aa |
| SHA256 | ede5839fab2a7c66fb553d88f379dd2ac1e743badf4e725034ea9ed7acaf536e |
| SHA512 | d21c42c4d4fe2279392831abe5ae64c1856569b9206e0429e337ef4af668fb9b09f82f2ba5d99d3b245c5ab16e5695d91078ba89c13fd690ba0f6dbba30dbce1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b27c1f843bd8b66f9a682d2af3315a31 |
| SHA1 | de6c06543f934a721237627323da62fff554fbca |
| SHA256 | e735b8207361ed9bdf6eae699e991bfc242e6eba7d468a7be2e7c38232840f33 |
| SHA512 | 64e2c2ebed5c4aba79e32c2bc1cf3eb2e18f53bd5f1c82c848ceeeaab5533d3b2d2c36ab9f95c548c48e740dd69e5e97e3e6a9f5c44ed19d281884fd7133a82c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c01ee4135cc3f61b3e7832490ac953c3 |
| SHA1 | 8106be84012235ccd5db914adcd5a477e5f2fbe9 |
| SHA256 | 42530220a30658c872fca637a7bd62dd0f56f37a5bf608673cc86fcd2d6e812b |
| SHA512 | 75b276597f1304f72b52d4b85c30ac6bf00f50b4194f76515eb3061a904fc1664bdbe6ad22abaa8fd1bae200b7cd2f892bd807535d1b8f27accd946bcc3738b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 167ffcc7b53754cf4e6bcf6dafa0453c |
| SHA1 | 799f22d916bf0c287decf440ee4cfccaf7d4ce4a |
| SHA256 | 4d23f2a3c38622163860e3445ee21cfb7a3be8571d6c4aeadd4b41d7c009d0c5 |
| SHA512 | df99019b7d7a0937281055754be3d24102682101033c64ed1bb3e77b5ee20fcb68b8638cbcbfbbbd2444cdb5e438603f6b9460744c9aa177e35e597cc018f079 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d
| MD5 | e8c95f96a1ace513eb655ed4c8cbd2bb |
| SHA1 | 097040c1cf2b509dee77be6dfa358bc07efaeb4a |
| SHA256 | 52948a7cfed4f861063f1b3ecbb3cc7de35a0ff8dd9841fd27cbbf88ddc01e10 |
| SHA512 | d35d012c8ee924d78690ef4c4e739528d6871886d70ca351a1e003366fce81fa13619936f11ddf9bba096da8ef1cab766d2fbfa608e7d44c51255dca8107bc2f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d9abba141699137af73ca6dc3387a4e9 |
| SHA1 | 4c1cf7c8d826938a9a1c72cc31c5826b4fd8bab1 |
| SHA256 | 40f590fa4b5c9c57176e298e470c100d2d5eb2b57be6f948e678dbd19cba642b |
| SHA512 | ff67ec2c85549090ca672bbfc71e929029ed5b36f30887a9484bdaeaf12da32326472a49964d34963c9126c0fa3c0bab81224f5d9536cc5ce85762f02d731df0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 19d7cbd9e6115f3afe70539ae3abc9eb |
| SHA1 | 70dc69a582ef6e63ac63abbf3872d5cf16dcbf2d |
| SHA256 | 0053fa8af248de5ce1b22a365413088d1ed4e05d7f0441aac3eef1681c5aa870 |
| SHA512 | 8cb8cef604a384f256db0f8b5dc363be847e8e85c35577072b855f70168ba0ca74d9ad253f01a9ef39004402a8716a14148ea101fe240e3bdee714ee3d0ba9e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b2cb02f9e5919e89d5a7edae67e6c418 |
| SHA1 | 0f5386be8f93a98961f5edcaf59bb2edb06026e1 |
| SHA256 | 115b455a413869829fa44e1c22ea31cc80b022d7e1b426b9b0c13227a6da3587 |
| SHA512 | 1fc4aba6702c1d071279e2c7f218f8bbf4b809bb8f3f14bead1df72c5aa672ad0127779e192992bdc51520384fdcf04c4cdcedb6302e33d02b0ca6b81365ae88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 35a4e6111fedc020fa98de7cd725584d |
| SHA1 | f642aa4bbb906517fdfbb5fac1e86be3b0b031c4 |
| SHA256 | fc3198529801b645c9b8d114fc29789ac9ab5e6f5db54e5508fd3f560549046c |
| SHA512 | 0d56347b2fd4fd8dcac68b27283060c3eddd26f6829402a724ff26f01937cae92d3956d1be189495c42e546dd172c4fa64cb547717328a1ce8241e43ea8f31cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f
| MD5 | 2681b2ff3f6e8c46f69f0e10f98de946 |
| SHA1 | 79cc433d1c8c9b5e77ff36daef581a64ec9f166a |
| SHA256 | c2577e85856476dac402b5900f4e4c65db3b9b4158ad2ee14c47a33b045964c7 |
| SHA512 | f89a756d88e0713240cd2e4029e1d102f6788fc2c17ba82bec11235df63db288616b4ec00d216030a4f87a767c18f2d8a9e8a0098324101f189c247deac5ba35 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.whatismyip.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e558177f8db0e6fe56eadf27108c5b63 |
| SHA1 | 3d8c946b6cee475b59fe8afb7525322cf5e35c85 |
| SHA256 | 536ff838ccdf0afbeef24a6b48d6940a7edb4467ada377d7e5b0ab31f3b5fc3a |
| SHA512 | a03923c5234e4c73c29926c1df27a5e5b366cfdbad30af41d156be82beb0b72e8b2f1b77051000d9eede3b9be88e3be7dcba5158f3812e752995b1566b98bec9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 784c3424ee126eb0f4877e2bf017659f |
| SHA1 | cc917a7720f5764ff50b0ae45f42f4fb09805682 |
| SHA256 | 9aa4c6d2f54cfb1cc0f4167475f115e488307439b9dd48788f94a3d0129de0e4 |
| SHA512 | c959862bb3229c229c132443c9a86d5574fce66457ef874b13e7c223346b8a8c9fdac9a60a438ee23a229edd594acf34dd5b49532b702618b5bf58a18a4e499b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b
| MD5 | e3360c4c637a600750a0cee0c1dd3e02 |
| SHA1 | 7dbc50b073509b8ca1642fbf0764bd0a5e8b46ef |
| SHA256 | 60c6994d0c4ba91c15cd866bdf5a871cd29dc8f523b86ec04c5ccff105760240 |
| SHA512 | aaf601f2302c8acb91d3d59cfd72b64010a29130dd4000f12926fab37454ab2a9d5f366b14a3ff6629615b96118517c505b4017c956e540dc4b5c3a9f4efe46e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1ad3b895d15c3bdba997dddf1dfa3af8 |
| SHA1 | 690a7728e98cf41c6f9a8106c74287017cd4a9cd |
| SHA256 | 7a90caa805a5a68377dc506535573e3cd0681c4a2b6319955db9beb5daf91bcf |
| SHA512 | 9f8211d5d97face6fe7b6d503ff24bca3612750fe11fac54d5bc8caa472bdfe3d374c8f1618fb9dc8f56f54d6db179c2d2ca67137e5b7383cd1b5bcc4c00c01f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042
| MD5 | 8fac76b62e43e540eae96c1330d4d988 |
| SHA1 | da7c85d68b5ba627926ed856f3d39814ed9d3a69 |
| SHA256 | 824427ad4e2e3a505e20b51f043c9725f0db309bff13158bf1789645853ab8c4 |
| SHA512 | caad8f502753902b13bd8ee499e3c0cc24205b6525f46f5bc0a0e20ddc75239a39a5f3612fd36cab7216179f23a7cf911168869595b2756b0efd1de1e7b2eda7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044
| MD5 | 49295de6ccd23cf80b6418a2d209868f |
| SHA1 | 42a955b4560bb22cb9b5b39577f7a691ea345018 |
| SHA256 | d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa |
| SHA512 | 2954ab185fd84a08933bb6e79d91e301021fce4e632b477e765c172cacf72913561e101ed2f7e66bfbdc5946b35f2b63eb2b6f878e0afc9d26ffe71ee112a1c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043
| MD5 | abaffb0b249aa0f4bd6c503219aedb83 |
| SHA1 | 5869304e7d3b66b3b55ba658c092ea8643fe00ea |
| SHA256 | 07b15d45ead616b938d56cd2e6ce41eb25af0dbc8734cb51e3852aea58206149 |
| SHA512 | fcdc4cc92a2771b62d88ecc1a8bdeff60c26f9659596fffafc1d28d930b572c773f9a4af06a5988a941b22a7fb7960930827ddafa3c4cfc32a6f93f391c5a950 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6188506c8fa221fe82b6ff2e2455ca71 |
| SHA1 | 796fb6691ee25b4fabe0a105ce730d9dc4d4b171 |
| SHA256 | a953525e3be4674aa40da54ce75a97699112abbec08b9e9fc6faf2a874d4ec36 |
| SHA512 | 0fcefd41243e2b95d4630c4ec8a7ed35057dac998a9134b91fe6e5f98334ab66bbd16e8d1599a1f6080403b05d4ef14c303fc34fa54f86e841b3ae5b9dfad4c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005f
| MD5 | 4d8b471a2271ac4e3b5d25b5683964d0 |
| SHA1 | 67b52c3bfabc09bc4f99d259de43213dfebbb5c8 |
| SHA256 | d0947470db9c332a7e6abf959a45cbdaa82e6e032e325c512cc9a3cd32dbae65 |
| SHA512 | d734faac61756e2fc07821704a9ebc5c5a0e7a7dec601b3c8ac4ad6b1cec59cd6446f38e4df41f9c51cf5a45bc7c6241801fa945023bec1a735c0bf450a0c0f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7077d9a5f8093ed97f3887de64b13fd2 |
| SHA1 | f4ec48bbe6b24ab17f57b59791805b3b31e004bc |
| SHA256 | 8eff576c8ead61b5ebea47b7f7534507ae07b33310541897d6e10c479e6988b9 |
| SHA512 | 381b0c2f24911aac6742b54f26c1d773567223a3db694a2286e77f883942266791cea37730350699361c0cccac021fd15af7bb6aef24a381e00e4e8558da95d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fc73ed469d22892b_0
| MD5 | 76473b623f324efc19cddcda6693a5b2 |
| SHA1 | 3271bae603ce8ea7ff1ebcb133d0867283d49f76 |
| SHA256 | 6cd28f55a2dc128f212ef76458481da05302c4603737b13d14a4a853665f9993 |
| SHA512 | 5b060996f487ba57644995100c371ac3101bf328804ac7b6b7a5d1c0acaa0421c4e3582834759b256a2fd0b42e99dbff37681307fc438481075cc833cc794123 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a5d59e4e342ea6de_0
| MD5 | 068ecc29789c78e37844d43b5987218e |
| SHA1 | a4b42186e38a8e1fe99bcf6b7b57668976d93e0a |
| SHA256 | 525268c1f5039030e26da7046992d9374bacfb845083dd80b52b16f177aed3e0 |
| SHA512 | 8666da713bcf09b355b1e7e68a70c03382212e3e127b8f5288cf93ed77ab12b858d739a1c9027bd89f5b7865aca2bdcd04b8787a1e14bb25c918c0f8e6c4f6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1e089ee9d67de658_0
| MD5 | 24f0e1575555f8f9dc194d172dbf1239 |
| SHA1 | 49883f345a5c2ed6a0a2adacd17d06bf21dcd85d |
| SHA256 | fe855bdc3af73602f4636e21f3023e33d7ed33dc47d85c7b9571c027902db1ce |
| SHA512 | 3a50edcf7310c873ffd61cb3ca1a807dfe2dcbc2d7aa49e00ed378dbb85a440fcb860db2fc2adf3da4a99da71c2bb6241928182f0251db73a209c4a274817ca0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032
| MD5 | eeb20ee0ad162f188c6f0df3625b7e6b |
| SHA1 | 1e72a860efe205c4273e0261c61716106cee19bb |
| SHA256 | d9a36c5fc9108765c77e3a654ae31b7f1e75388a5a2a18ff5c9dabb7da1ca52b |
| SHA512 | b383ce3740ea009987c3b13596eb402202ccf370e66b1ae44d7d2fd0d3c4215184958c1e9169959f2317cdb3557f12fe858e6c09c665b645a981662bac0beda4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8120fe4b941eb2a8c566dc98f858bef7 |
| SHA1 | 0f2ad1f63f6f586e9c566a8e2a52c24defe340d1 |
| SHA256 | e97b71525325265c4265a9e816f80ceef69443c09c7af94e764cbca5dea20800 |
| SHA512 | c46f64c54167af9500e709ce658f6acb3699691e4e9a02331c6069dc387299b20191e400d1d3cea08da610449293512b931faf48d86055733cdeec66fe44477a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\34951a4b7e0c8197_0
| MD5 | f0d4f8cc92a0c557816a0b15ed84d3f8 |
| SHA1 | f53869ed86bd6eaf00c54ae14aadfe5d8008807b |
| SHA256 | 544c6dd5febe6e24559756b6e81eb700e12431e867b407b8d2a6a9dcbb831144 |
| SHA512 | bd8dc5008026782c061ce18e6536a3f32da7d9a132ae2a41d0dbaa91d63a123a2e131a2a876b3c6c9dacc6dd1b2ea75ef93c159c450d1f31ec241493897f05f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034
| MD5 | d3d71879529d7499ff1c58ab448640bf |
| SHA1 | 6a5190136344c0d18f40e7aa66f743345acf2a08 |
| SHA256 | f2b28dd3bf823579341040436d5543e261d70fc4d1ef2c28ce9e281c545b3ff0 |
| SHA512 | 3bf45c5058223cbbbc6d9e4013450dafe5802948695df5831c317740c2c382a564d9163b9f4b599930b81f0626e30c6dc318aa0fdee49b89cce47300d27a1bf9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 19255476c6b37386b92e433532aa1a93 |
| SHA1 | 8ac3aa73978dde857207c393429342b73efbc1ee |
| SHA256 | a00c5a86e90cc2bbc00a56f29b3eeda2b9fcd99a1aea0f4f956d0d6a599e7098 |
| SHA512 | 9b98f03b2666f818438f9aba95e50feb09f1383ecbc2246c2972db392ff5f7f6bdf14b949337375b2bd5bd107549d873a6f8979489f8120691e8b9bcd825b4bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 98109c8a79467a55cf6c6fd1bac4199d |
| SHA1 | b2d46508c66fbe1eecca2fb6baa7d4dcb2ebe044 |
| SHA256 | 7b21487bc214fc56ef65ff555f3b52268e00c53b169940603aa06dd98c58c244 |
| SHA512 | c4f5c497beeb1246ca347632f69dfc5e9631e0e4c8abab30ddf1b62a8cd7022ad894b001081c96a6fc1d9e2fc2e65181e7a858b30ffeb2a315860b91a9a20763 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | df25212ff83099c37951e7c352829724 |
| SHA1 | 6b777b9ea597ccc946248709019a16cb4d138bf4 |
| SHA256 | 00966ae5b712b1affe9a60a7e38b2fd6652e7b2da4a43e930e1712a0ced8e3a8 |
| SHA512 | 31a4e3b18b74e569ead8faefdd03f07b51b02009ca19d9541640ad9f42a67d4b7c53cdd32d99f312ab91fe76ef3204624e4d8ec9bc64c42d30d6180afe84ac19 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1a47e414ca2411b9086deee66a35a954 |
| SHA1 | 7ac9eb24e7407d6976929b6826bde17ad3a4ec1a |
| SHA256 | a09afc3c3fcb19d60866d1e5f757681e0795768585f9d5fb942fcae4dfafc857 |
| SHA512 | 8fc1eb9e3c844afa90ca1f573923bba1d1c9b91c4ebef90ce001b92a914dac29f39ea6c44420b3eee82f7a7b6b56e3b10c6065f636cd644baddecc1fd55bb23f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
| MD5 | 87c2b09a983584b04a63f3ff44064d64 |
| SHA1 | 8796d5ef1ad1196309ef582cecef3ab95db27043 |
| SHA256 | d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0 |
| SHA512 | df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | dbbff6f4adbb2716977f84db049e50b7 |
| SHA1 | a645e2dbab0cb70e0c14f04c85c5e89f4b814c5f |
| SHA256 | 2d2d525301b8fd28b01b857a782b3b13587cb028f0f5f00e24e285a97fbb01ad |
| SHA512 | c63af3f49a4828feda6f55a5a6635b01626b7d0b96a2234d94392a936231c1e21ed30e7ef5ecb836e69239c245b4884277e11a02dfde13c191a371fe2a41ec1d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | e8791a6b33e070194ffa8a2fdc755f4b |
| SHA1 | 588340556639c7fb10a873c5e03d71d172cdd5c1 |
| SHA256 | 4a7fa79da9f65b29d66f4052d720fcf40d0eb69dcef69b6a0fc45c7fc761083a |
| SHA512 | 2c010a1ab774e717e03261112e14f78087119220ab7d65896ded1aa072e1b835f7804e5f335ff7f9ea97dc9088db9c27d0ecde3d5ca407736ababb9f29243765 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
| MD5 | 3d1eb8fefccc0d370769ee6bfcff532f |
| SHA1 | 65ba9ac9716f0da39d4b9b147921536eb5595c81 |
| SHA256 | adc5929b1fbea1bb2e47bba2564eea612d29f670ad972335235fab730f2678f1 |
| SHA512 | 2849eaea1d3924ed1ee74445a6818c77765d018373089c825b6112c22dc62c20df46a4da7df6d3b8d6c29393a6758d47abcaac791a6132ae39597e967dc61e8f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3282475a54fdbadf_0
| MD5 | 99daf5c9f5ebad9dabdb4377e7a45992 |
| SHA1 | 919784e7d189be453e96b780fb168b16b01ad5d8 |
| SHA256 | 193dbb44f8f842e69ba43afd2fd89e7018fca7fc5c19f48b32c4931f80d666f8 |
| SHA512 | 2a43688c86b933056f50d3b4adc38403c8f20e4cbc9052028d2acadf5a3f55559923de2508e1634b67e0ff94261cd9095684a98a1786057e323aa3c85da67c86 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6b33d2b797250298_0
| MD5 | a3f42ef3c54aaf8acfc73281dc7f67ba |
| SHA1 | 50ef1da05a57d016794f40664d3cdee8a62282e2 |
| SHA256 | a7423e2990c2d4a840c5661d3516745341e36dd5738424e652f3fb53fc24aef3 |
| SHA512 | a64200ef6058a12b834c9e5bc5a228d68822a01c35df6a4a460b41291a2b97e3883c38406a53e37ced0fef18c18b72195290c13e7accc21041d5a8aa9fa12248 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 579ada1492f24b726ea0bb62b4d0270e |
| SHA1 | 19de96ba220ee1669d06e3589dc262da96eb4356 |
| SHA256 | 63e6a24c1b982c27fecf9c57c3a469ca436e9bcedd8f181f7617b775321226e5 |
| SHA512 | a5988a823d0b09d89b5ec70429c2766bea40e3537e4e56dae454d85417d46eb97a8d0cb38c2e07013cae9b3d9011b48486c53996a7c5e647a8174057ee7fc05b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e0143b86f028dad56ded35537c8d6d6f |
| SHA1 | 50407775c6d39f5fa7815513f51a69e2a5538dda |
| SHA256 | b04939e3d0800367465bbc1e016e8c0aa7a0c844c6fba9489b477fb22218feaf |
| SHA512 | ba8aff1f915ee6e509a293f931dab61e3b73e4ac2510be952705b2488a520bb887207d9fa06cb94574bc9cc4ed41afc1f2aeb0adb464ed621c9935c9e2b59b9e |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | b5ad5caaaee00cb8cf445427975ae66c |
| SHA1 | dcde6527290a326e048f9c3a85280d3fa71e1e22 |
| SHA256 | b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8 |
| SHA512 | 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a498aa1e1013048fb7498fe739006e94 |
| SHA1 | b2684a3e0e9edcf8007c51725af6deedc7e0dc50 |
| SHA256 | d4a243c3572d7e070e28faeae2ddb260903170a3ac79a5e3c388385654d1c343 |
| SHA512 | 87f4e6880d7b7c9d4abca536823b6d72f85ae87f6fe9dba12a798d8bdac6e734b13fabfe257197c078f0547abf0c09e187cefa50285b67946ca29ba16489ff3a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 08ad7376db50534abe2a4551da310061 |
| SHA1 | 8dea481f07aab0e731bd4ecf5fce154469797421 |
| SHA256 | 143ded3cea1d92d2f242a14bcd5ee4416e5b8e5f1316d14e20e348a234ff8641 |
| SHA512 | ad1dd3f859ac65d61e12abd086c6e6294f4904f687a8a2f1560d78b36fdf38eaa7516f6d759fd91819a2a2e32f70b2472c8377e6788d6a807724df8012f2ca96 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d44419dc1fbec646c58a02999c1a4ee3 |
| SHA1 | 69712b0010e39db0b1aa4ea58be4791d25279aaa |
| SHA256 | cde510b4624d5fe8ceb72900547c53291b0a4513ad8825bed4469254e43e526d |
| SHA512 | 163904e3deafd12278edddb5369b665b29933dab83f525d643841e74570639439a308cea7516c989bd00d4af5142428d110dcd1d5061f44f26c8e0f6e3581f24 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dbb36a98d3e0b8a7fe1db37c696bed6a |
| SHA1 | b05d646a42dcbb6ca3027d0b368e7f0006c25c1a |
| SHA256 | de50cd588c5055260f76e77b4e6add06bd13a42dfee47ba3aac11c2a1091262e |
| SHA512 | 943fee068dd5a0e0dd23d26070ad7291c748441452c6c2a7ab95107fcdfce872c2136079249217d3cf695c201a67be2091b5c01d9bfd547d5b07c26958865439 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9592f179a5a637fcc1989864a67a39ae |
| SHA1 | e26de0b952ed5bb9f7e4dd7004251f6a9f5ffe9b |
| SHA256 | fa2847570cd17d3b8fbdf7273f86fe68c197e7fc9d049e418cc80d519ba84ffb |
| SHA512 | dcab447f4a425a61eb38279ca08a250e8d1821e7cf704197e23a3e28eadfd0727bd66d033222841510ec55e8a9f29b6006636ea32ce6ebbba57407b167335c64 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6c0449a84afbdff825d09beeea1476f0 |
| SHA1 | 2499ba2991d97a9dcc4e3bc52ac3cd694fad8d00 |
| SHA256 | 0157c08323d8110d87423abc61f9d41c2a239b834b342a0e73e693fa45e0cec2 |
| SHA512 | 443f30fd4d8996dbba7fac59f1f2f3323655a76a4cb02a7e0dcc69b833c5fb324a1c4d82a99926068244626a105428639ae35f6b445106aecbce974cec577118 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f1790f6b46c89a9ddcc55eb02ce92ec9 |
| SHA1 | 655e49be161a41369467d8c373aeab601d4bb0ad |
| SHA256 | 522a5387f114bad26440b1a9557a90d504d584a4617e1543f1e631041a500e9b |
| SHA512 | 7a73092fc0bb2dad3945c634ca3f2408dd1f564ee8829fa2fc11800630f37a37a15a99c4b176703d09524367c670115f8865c80a27077a70a0bd58efab9ec19c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | a3f2b7bf98005987e0e5a4a714277651 |
| SHA1 | 958b042e20529413f567850aba3368801c5920d9 |
| SHA256 | 9153819d6331b59f57a094f165c64ac9d82c166eeb037a24fbdbd69932f85b33 |
| SHA512 | 6c7dbedd9121f1313495b85e838d205768dc66d775feba993b06663d707308021565e1ed0cf8da00003a22924364baa85752f2b6aeb3f65f3c0b18e6917432b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 852384257ae78f980c94fd8f2dbabd55 |
| SHA1 | 5b66fc0554029f738948d3537afb0ed41d6b9cb6 |
| SHA256 | c6a55cc9aaea09a4dd198749e0a9035a8c5aea527d8bb4d1061509f9aa540c88 |
| SHA512 | 136050606fd17996e2b0132b8676773df1c079c329da29f3bab850be144a206f7b625213f8a25cab341d85b552cc5da59e1a8c82526706f2e474bd2d6d48e667 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0e93e7512116ce49f7f820042b99c3ad |
| SHA1 | f1b72d84dcece8cc04969496bc0711ea6e607c94 |
| SHA256 | 9765b864ff6e4abbea09945e05fc44512f7e72ee5f2e5aefe60e7673a43ec6b9 |
| SHA512 | 16d6a6c52d472fe4ef01bf6d92aedbe513d1e695dc1163016160a464489e3298ed6c31b70b3f992a5b1b1f452c815dd6855b190525b17a006630c4be19f9a59a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4b03c6e577b5e72682a43606687660ed |
| SHA1 | 782cf402fad288f1be4a7326544c729985445525 |
| SHA256 | 157adbd2c23e451e6d081b659978ea260b89fa3ebf014ae600dcb8910915cefe |
| SHA512 | 505701e87fae8964be22f455a82ec38ea328e964bf5494579a8649bb3150d18092deaea29b378d98377e6bb7db4a5e66e9c77d46adb1f6f001287a3d36c03e7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 37f6e8f609db96641125d09a16bf331c |
| SHA1 | b41063bffeaa837e406e096153d3258f24b7e6c6 |
| SHA256 | 0d2e027d2d2cc0594dd146c0c7bb665a89ed280f5fdc7ec6a4585ee4dfa51a48 |
| SHA512 | 86c744d9c607ec2fa062f99f30389ff41e210cf4275d724620d8ab5b050be2138966543f0a653982a4f3dc2b93a241ffdf9f7117e48d4b6b99ec87b870bff73c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e3633092c9b01596625d12c070bc68ac |
| SHA1 | ebedaf2b8f5f8b2fc3f71b32a29a7de31eb588de |
| SHA256 | aee05ba1b3644705ab55d97732391e9995e48be126bf31001d89d4367432f977 |
| SHA512 | 02b666e4786e83e65e25f4e46a2a0828997e9168392b440cbb60d683cb2e958e8da3061d99f6b17ac473989e1130ae2d7dbc84b76f11bd13c04d845e9762f710 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1ed42327e7b65b7e47f65cb6063e3187 |
| SHA1 | 3402175aaffd4aed32b762ffd298c6c8c247ab86 |
| SHA256 | 92913a3303068e5197fe4e4f58f2caa114a36107cba9041efd73fd514f17eeaf |
| SHA512 | a747bffc34a600d365ea689b3f4b0a888a5c4101fb9a00ac48114220bfd1f6fb543b940d68b36c1ae8c024cd88667a8dcae64d94f68880004e1f21c42903697a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6ac98abd38ef1a7532dec87b81ba33b4 |
| SHA1 | 33f980fcb81ad9deaa598794ea22120570f8f948 |
| SHA256 | fb15b0b57eccda9b61c396c5c906e4490fa8e59e25dc6e45a421aff9d932dbcc |
| SHA512 | ee9f6dd29b595ff07ced850494247b23321842a25e3fefe44bf8c9dbd7d3409d5e5fee15038ce5c6c5de5883183844385768548645c2d9602b105574b7569cc2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f2333eee0e831d9f6bec45ad772a377b |
| SHA1 | 62098bbc157450ec710995e3a0cad4f61d5955de |
| SHA256 | 07fcfff54d59347dc495375c92be32020c06992c51e545e3bdaa286568f15f13 |
| SHA512 | 112f79de23613e2190ab10cd2f0bcd520cdba1e28ab2747c39d66b187b96b89f182c0cbefc22e4ad183f06b64dce1e3f61e3891b0439a0d4019133003f0d52d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e
| MD5 | 9a36e47b062c2a7cc98b2c7c60423338 |
| SHA1 | a981b814d5b10e4dc0ab86fff926c960f19d756f |
| SHA256 | cd85f4762e736ff87d7184e4a146149df68c9b646be1841aab202e55ccad499e |
| SHA512 | 8e4f25e2e4af4a3317e94eb97c580008ac622ba7110f3716e09a15647793921912ce57436c31dd48578185b6cd00edb975a49a21d1684420b07cb98c0f2902ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000093
| MD5 | 893866ac13017d7d75677eefa97b14d2 |
| SHA1 | 3c1f0eb8daa12906f0cee4862392e591b1bca065 |
| SHA256 | e461f2e117e2fadd8d3214cfd848323397b0c9a001351421ddca8b08fae7677c |
| SHA512 | 842769e9bc34e900408fe7600f6e0f018a7fccfac0099be72c7319e9f0368ae26a2213905d138332d2daf507f4888f8991ed2154a7adc3ed41b24ebb36a94e35 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b9a1f91e27e07209_0
| MD5 | 59407542a5d2330e40c8f24b196825c7 |
| SHA1 | 606ba2f2551d2ef92618b29954cbebe6017bdcef |
| SHA256 | b8acbbca85f487afb5f6a73c41d75ad2fcba08ca059f5e1f5f67beb3970235fb |
| SHA512 | ed178a1bf3f1530e2bcaa78287bb42d20fd61997edfe50b5bfed4aa9cd0e6d7d54b8d8857b2085e51b4f924ca2cc38e419db2322d494561684b6c8af442211ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\336a68eaaf209f48_0
| MD5 | a1ffac1e86bc4012a6d9fffb9d7b34f4 |
| SHA1 | 8cb227c2b76016530b92bf4ea4249858a7952fb1 |
| SHA256 | f0f314d56a5847c40354d5c85072ae48fd29de76376a810152d9344418a05a4a |
| SHA512 | 68ddc5396adc9cccead975f13a2fdd93ffd7da8bea756ccda4019abf69614fe0b29fcfa676a85c329006b8459d64622b79bcbb220d74cfbe74b396196a2de20c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035
| MD5 | 9c6b5ce6b3452e98573e6409c34dd73c |
| SHA1 | de607fadef62e36945a409a838eb8fc36d819b42 |
| SHA256 | cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc |
| SHA512 | 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 67c53202110f4b7a5c46bcbbc4c01c2c |
| SHA1 | 6c7a27ab492d3ff526647b36313c095a0fd0e77c |
| SHA256 | aff9a0613ba1dc962f524771370e063ef6fa0f45ad41a075fe077166126a9200 |
| SHA512 | f0eb0ab14fc43320cd844d6c0f08b9c0a0acf7df8602e5e31a66fc7f721a2aee8dcb7c34b41c9253586c720cf966569cd5baaf252840cc605d3b0e1b23d056a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8ec63cd23911df2451f22e53ff1e0684 |
| SHA1 | 9617b8eab520688cbe1aae8d34ccd97cb3157721 |
| SHA256 | afc79eeda52668732fec68a478ce224984c0d7a7399a53b9f7f116df6bea3b04 |
| SHA512 | f5788530769cd94bfc1663ffa19e5b75ef0b304278dd0bbe211a145430f464fd01a62aa86b55dfec2233c69e277e549b614dd536d280f8185f157ed05ee5da20 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 945559400a1a691bb87e6d12b117e54b |
| SHA1 | 960a2b407b55e40a10e9899e2da61ceaee0c9e94 |
| SHA256 | d41e37ff95e2482b8173bd36ccb10b4bffd3982d5c253f73d96b1a0aa7744955 |
| SHA512 | 8147619ef6e7eb240d1208e3ab530232234421287b86852a1572bed52a3289da55965e8632ee056c9f60b747a114d53cfc608e8946d1c26516a052db9e817775 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6f1b21db69ebc1c3dd4b6e4f0681629a |
| SHA1 | ad62fbbe595bb595e3258711a571dc323e5fb098 |
| SHA256 | dc5a927707e5c89c833fec94b987c9f1910a88be2769b3ce543dc4fdcdde7746 |
| SHA512 | eabb642a3b4aab3a608b394d11e2e33979dd6c7dae24635bd55042ae2bc5ef1b7d784560172ad930c2dd0cab9dd650269a2d56d37a4e37b7feb3a8587c5e19bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4c16c22851c0216301e48a0aaeff118e |
| SHA1 | cb8a0e690e445cbf66ad9c7a7315b0eace4f6a6b |
| SHA256 | 606dcc5fddb7b467cfda1b08a72827212b7ef4f2f154834c9e9d5b0c72575e92 |
| SHA512 | 423dc7fa255fdf9cc2038155a8f56728e3e7c8874bdeb2b2dc71c451c97bb22141d648a4e364fa006fc8a9d46322ddaa59429a62f070de7293c3633d2e5f0480 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3b5538c2d6db72d25da6d95996995d18 |
| SHA1 | 087ed94534805031db0637c072d1e2679e270aeb |
| SHA256 | 850e21e89545b3ab00c1f7f405900f946b230418d477d611d816a8e81d9334bd |
| SHA512 | 5401fb0d34a69c2019a831ae97c8bb4b757b7cff685a718c1832d9f146ff9344aef8d2246db89badb09d76a6d40815422c7444dc7c551e1116d264e5f46015b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e972cf97fc9a5d235a6adc15426800c6 |
| SHA1 | 2bd6bf9a846438b888f57f0ff6c7dc15c10b8da4 |
| SHA256 | b13691a33f545bf9ce2f1109e4c4568b29f4582b15c1c362fc4d94a12ee24991 |
| SHA512 | 3ce42be6dfd8cfe8d3b0f1691f07c6d9ece56da9fcacdf40bf11b495bc0b126b8a0ac9bb0691e3fa9303023542c7c2d995c5d6d4df2391295aa7681d0c716ad6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2bfa63fcdf13993854302c04d4438ea5 |
| SHA1 | 8a7c30e6803c79d242fc4e1cd5d17e20a8f3b147 |
| SHA256 | 3d07ffbc80ae34df9f8f96ea32746f460826669d04072987b1a3a2ad03a8df1d |
| SHA512 | fd87e9d2849761b37c7231fc6dba885a76bfbb8bd2d057829f72c2cf1e91deadd73935d9684238a74097318d19ae1c12f2d5639c20cf4f52e9eec19e628a2327 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 926c01587f71d4b8f750801108bab483 |
| SHA1 | 19a80ed84d0b688f883a1311de3ec1f2838ffb7a |
| SHA256 | be439f9b547ff15e2d15f4b5538dfd3b390358e40579e3773cdc8384b86295fd |
| SHA512 | f018d48574f25e0b0f793500de3ef1265c873e7485bba3221ff93fe1744eba91da399803fc5d12d2dd6ef551699d9e77b3273115fee36a36a549069e7791aa3c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8887f003176873abb8c231ba355f4f3c |
| SHA1 | 6eb6ab02408e44f99115aa30d574d296bb6a991e |
| SHA256 | ab2b509893d7835948e911aee37437dc94591336e5b4afac9e769bde525632b9 |
| SHA512 | ae051308508e3e04b04ae9e01ef19d9636b13855cf1b5faab565bb466b11ce2ff9c8ca7dfa1370d9da7d478e4c15a373eae97ed02d0d13542a2f3dc20cec174f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4c307b02b4dcc58c_0
| MD5 | 115671853407417cc666ee121f4a140f |
| SHA1 | 8efbaaf8029405def15b4250a7cfe2ad3ce8f0b6 |
| SHA256 | 419da1f1fb2a4976f3f77e0d4e7b44ed66d8ebbc406bd80fbedf1ae918c058c4 |
| SHA512 | 71454d880fb396c790dba32a659778ed0a13c7d253a426631c9d080dab7940544d38075d3eed61c0388df877d643be18ee93d5790d2818d0e15bb9b0922c36db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\773c8ef5387f865b_0
| MD5 | 6253ad2274ff9d82d403144f1c0e824d |
| SHA1 | 92d9bb685ea08d21e39b5ef94ad37aa72d3bd236 |
| SHA256 | b7184215f8c08c61fc5fd6a5f99a0ac0c4c356885805505ccfbac730dca5a430 |
| SHA512 | 2159162898bb9cef090b4bc8865b95cea403ea96493f4cf5f9eea1dba7443d92ddeb124ad8f14bae0de8a8e828fdc0e98487d20ec98241e0474611416014b373 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9a87c2f63d244d44c8eb046b462f9f12 |
| SHA1 | 76490dcb21da444ff9dd9a60449fcd0b88f3f813 |
| SHA256 | bf2ed848e15221cd7e529bcbc13a8fb97c8f404a4bd077cdd72f2ace969b9a6c |
| SHA512 | a9f244afa546e09b4dae1112285142d74f50e86b67c77f25115aabbd8e656ba5cceae4d56439fb097cbdeef6f0e9f159a7eb8ac2324616046d8b6af9407a4255 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3e83f3c074f72f87c2aedb1c91b0f66d |
| SHA1 | 114914e9d28b6b92732082d4a804e79ecc3296f0 |
| SHA256 | b86cda5149a479320afc94799fc6da0c0559de462ca079bf0be1bcb6bab1aa4c |
| SHA512 | 727be645cb29d48323fa93b9412e82aea041b52920ad4230b4be1e6a2efb5095fef6c0f6ae30026e754f8f479a87c7cff85508c45ef8fc02b8eac193eb80855f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 02a6d9a009fc164c6b33e3a4c9c7d940 |
| SHA1 | 26fd5a54af45a9bfe85bdfba286f11c938d06dd7 |
| SHA256 | 3bb09bcaf021275ff798fff02336c6fdfd48dda51dc0b6257b964590288eae56 |
| SHA512 | edceef7055800db079b75cb4aa5af58663b6ba69308b1a7e48c36d76804625f35ef86c66e508e716580338002c1dca00c87220325fe747c1f0b86335b6db091d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5dcb6a6feb7b6f1e18d36050d6dc309e |
| SHA1 | ad9713c1f4c3631adb6f2c67954b94aedaf6c6d9 |
| SHA256 | 53b44c1651cc9f3944197359b6aae9529f59b412f7fd1258cbc2bfd5835ee92b |
| SHA512 | 1c2bc987e84f3c2cb1a394b6de42453f5c20fd5e50140fb71ca96a32e2771642251b715de0dcf3ae4dae53f9d0e35f56ba7876e2cd050fa982decf13a7cb7215 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8368a0b9ddf4e0a4a350c909fcabebd4 |
| SHA1 | 739cdb4d82ab153ab52a318681343536b8b87c93 |
| SHA256 | 213897241681909be39bfa795babb121b5760644bbe31ab3f31185486c315c1c |
| SHA512 | 9d712e15064be357201046d2097a10a7aa0fe97944c69f1b61a40baf3963549d9e46a418306d0e14831fcf46b30f265e9934be58f9106698dd73e1fd87173c49 |