Malware Analysis Report

2025-06-16 01:54

Sample ID 220912-v3v3nsdgb4
Target https://www.logixoft.com/es-es/index
Tags
discovery persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.logixoft.com/es-es/index was found to be: Known bad.

Malicious Activity Summary

discovery persistence ransomware spyware stealer

Registers COM server for autorun

Downloads MZ/PE file

Executes dropped EXE

Drops file in Drivers directory

Loads dropped DLL

Reads user/profile data of web browsers

Checks computer location settings

Checks installed software on the system

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Modifies system certificate store

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Creates scheduled task(s)

Enumerates system info in registry

Checks processor information in registry

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

NTFS ADS

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-09-12 17:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-09-12 17:31

Reported

2022-09-12 18:06

Platform

win10v2004-20220812-en

Max time kernel

2099s

Max time network

2103s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.logixoft.com/es-es/index

Signatures

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\rvlkl.sys C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe N/A
N/A N/A C:\Windows\system32\rvlkl.exe N/A
N/A N/A C:\Windows\System32\rvlkl.exe N/A
N/A N/A C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3064_2091734735\ChromeRecovery.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7z22E0D6CC\Uninst.exe N/A
N/A N/A C:\Windows\System32\rvlkl.exe N/A
N/A N/A C:\Users\Admin\Downloads\muveeReveal11_11.0.0.26213_2915.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup_FileViewPro_2022.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{B95C4501-C4E8-4CF3-9F39-F77272AB7F81}\Setup_WinThruster_2020.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8LOT8.tmp\Setup_WinThruster_2020.tmp N/A
N/A N/A C:\Program Files (x86)\WinThruster\WTNotifications.exe N/A
N/A N/A C:\Program Files (x86)\WinThruster\WinThruster.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{767C6E88-C7EC-4F1B-9500-7AC3006B0B85}\FileViewPro-S-1.9.8.19.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
N/A N/A C:\Program Files\FileViewPro\FileViewPro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe N/A
N/A N/A C:\Windows\system32\rvlkl.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\7z22E0D6CC\Uninst.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Setup_FileViewPro_2022.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\WinThruster\WinThruster.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation C:\Program Files\FileViewPro\FileViewPro.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\WinThruster\WTNotifications.exe N/A
N/A N/A C:\Program Files (x86)\WinThruster\WinThruster.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
N/A N/A C:\Program Files\FileViewPro\FileViewPro.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\rvlkl.exe C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe N/A
File opened for modification C:\Windows\system32\rvlkl.exe C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe N/A
File opened for modification C:\Windows\system32\rvlkl.dll C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe N/A
File created C:\Windows\system32\rvlkl.exe C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\FileViewPro\is-P0U7Q.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Raw\is-APM1H.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Langs\is-2UN8R.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Langs\is-10VL5.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File opened for modification C:\Program Files (x86)\WinThruster\sqlite3.dll C:\Users\Admin\AppData\Local\Temp\is-8LOT8.tmp\Setup_WinThruster_2020.tmp N/A
File opened for modification C:\Program Files\FileViewPro\DevExpress.Snap.v18.1.Core.dll C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\is-HO7G1.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\is-EP3CI.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\is-8VJIK.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Langs\is-MTJLA.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\is-UVHTO.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files (x86)\WinThruster\is-LICRV.tmp C:\Users\Admin\AppData\Local\Temp\is-8LOT8.tmp\Setup_WinThruster_2020.tmp N/A
File created C:\Program Files (x86)\WinThruster\is-MOKCL.tmp C:\Users\Admin\AppData\Local\Temp\is-8LOT8.tmp\Setup_WinThruster_2020.tmp N/A
File created C:\Program Files\FileViewPro\is-6PIUN.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-6HBBG.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-7JIF6.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File opened for modification C:\Program Files\FileViewPro\7z\7z.dll C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File opened for modification C:\Program Files\FileViewPro\DevExpress.Spreadsheet.v18.1.Core.dll C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-R355E.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-9G6VA.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\is-240MB.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File opened for modification C:\Program Files\FileViewPro\SolvuSoft.Resources.dll C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File opened for modification C:\Program Files\FileViewPro\PaintDotNet.dll C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-S77CL.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Langs\is-PL42J.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File opened for modification C:\Program Files\FileViewPro\Vlc.DotNet.Forms.dll C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\unins000.msg C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\is-17NR1.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\is-GEPC9.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\is-H10AH.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files (x86)\WinThruster\is-AP6LP.tmp C:\Users\Admin\AppData\Local\Temp\is-8LOT8.tmp\Setup_WinThruster_2020.tmp N/A
File created C:\Program Files (x86)\WinThruster\is-09VB8.tmp C:\Users\Admin\AppData\Local\Temp\is-8LOT8.tmp\Setup_WinThruster_2020.tmp N/A
File opened for modification C:\Program Files\FileViewPro\DevExpress.XtraTreeList.v18.1.dll C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File opened for modification C:\Program Files\FileViewPro\SDL.dll C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File opened for modification C:\Program Files\FileViewPro\DevExpress.XtraBars.v18.1.dll C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File opened for modification C:\Program Files\FileViewPro\SocialExplorer.FastDBF.dll C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File opened for modification C:\Program Files\FileViewPro\O2S.Components.PDFView4NET.dll C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\is-B3PAD.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\is-NR86G.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\is-HJ9L5.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\editor\is-KJRHU.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Langs\is-450FE.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File opened for modification C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3064_2091734735\ChromeRecovery.exe C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe N/A
File created C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3064_2091734735\manifest.json C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe N/A
File opened for modification C:\Program Files\FileViewPro\SolvuSoft.Localization.dll C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File opened for modification C:\Program Files\FileViewPro\DevExpress.XtraRichEdit.v18.1.dll C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File opened for modification C:\Program Files\FileViewPro\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Langs\is-0ITED.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Langs\is-Q1HEG.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\is-R2N9B.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\is-ITJAM.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\is-GQJIS.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-2MV3H.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Langs\is-6O5D6.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File opened for modification C:\Program Files\FileViewPro\SevenZipSharp.dll C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\is-JPVKM.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\is-LL4SV.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\editor\is-CJG3T.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Langs\is-L1N1C.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File opened for modification C:\Program Files\FileViewPro\ImageView.dll C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File opened for modification C:\Program Files\FileViewPro\Vlc.DotNet.Core.dll C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\language\typescript\lib\is-H3E2E.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-FQRI5.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A
File created C:\Program Files\FileViewPro\is-OK458.tmp C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\Downloads\muveeReveal11_11.0.0.26213_2915.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CentralProcessor\0 C:\Users\Admin\Downloads\muveeReveal11_11.0.0.26213_2915.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\muveeReveal11_11.0.0.26213_2915.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\WinThruster\WinThruster.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\WinThruster\WinThruster.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\BIOS C:\Users\Admin\Downloads\muveeReveal11_11.0.0.26213_2915.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\Downloads\muveeReveal11_11.0.0.26213_2915.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Downloads\muveeReveal11_11.0.0.26213_2915.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion C:\Users\Admin\Downloads\muveeReveal11_11.0.0.26213_2915.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4 = 14001f706806ee260aa0d7449371beb064c986830000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\FFlags = "18874433" C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\7-ZIP C:\Users\Admin\AppData\Local\Temp\7z22E0D6CC\Uninst.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0400000000000000030000000200000001000000ffffffff C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\IconSize = "16" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\IconSize = "16" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers." C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{D674391B-52D9-4E07-834E-67C98610F39D} C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Windows\System32\rvlkl.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Windows\System32\rvlkl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell\SniffedFolderType = "Documents" C:\Windows\System32\rvlkl.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" C:\Windows\System32\rvlkl.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13 C:\Windows\System32\rvlkl.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers." C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\7z22E0D6CC\Uninst.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\7z22E0D6CC\Uninst.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a00000040010000904f1e8459ff164d8947e81bbffab36d1200000080000000537def0c64fad111a2030000f81fedee0800000080000000904f1e8459ff164d8947e81bbffab36d02000000c0000000904f1e8459ff164d8947e81bbffab36d0b00000050000000 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a00000040010000904f1e8459ff164d8947e81bbffab36d02000000c0000000904f1e8459ff164d8947e81bbffab36d0b0000005000000030f125b7ef471a10a5f102608c9eebac0c00000050000000537def0c64fad111a2030000f81fedee0800000080000000 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000cc0000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\System32\rvlkl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\System32\rvlkl.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" C:\Windows\System32\rvlkl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0\0\NodeSlot = "11" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\GroupView = "0" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\GroupByKey:PID = "0" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\System32\rvlkl.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\IconSize = "48" C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\DRAGDROPHANDLERS\7-ZIP C:\Users\Admin\AppData\Local\Temp\7z22E0D6CC\Uninst.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff C:\Windows\System32\rvlkl.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3 C:\Windows\System32\rvlkl.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\System32\rvlkl.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} C:\Windows\System32\rvlkl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\rvl_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\Rev = "0" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "13" C:\Windows\System32\rvlkl.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" C:\Windows\System32\rvlkl.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" C:\Windows\System32\rvlkl.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202020202 C:\Windows\System32\rvlkl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer." C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9 C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\AppData\Local\Temp\7z22E0D6CC\Uninst.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\AppData\Local\Temp\7z22E0D6CC\Uninst.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 C:\Windows\System32\rvlkl.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell C:\Windows\System32\rvlkl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption." C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" C:\Windows\System32\rvlkl.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob C:\Program Files\FileViewPro\FileViewPro.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 C:\Program Files\FileViewPro\FileViewPro.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\ProgramData\rvlkl:cfg C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe N/A
File opened for modification C:\ProgramData\rvlkl:uninst C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe N/A
File opened for modification C:\ProgramData\rkfree:cfg C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe N/A
File opened for modification C:\ProgramData\rkfree:uninst C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: 35 N/A C:\Windows\system32\svchost.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files (x86)\WinThruster\WTNotifications.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\rkfree_setup_301_password_123.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe N/A
N/A N/A C:\Windows\system32\rvlkl.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\System32\rvlkl.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4252 wrote to memory of 3440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4252 wrote to memory of 4632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4252 wrote to memory of 980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4252 wrote to memory of 2136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.logixoft.com/es-es/index

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xe4,0xdc,0xd8,0xe0,0x108,0x7ffbc9af4f50,0x7ffbc9af4f60,0x7ffbc9af4f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1628 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2020 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2344 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3016 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4428 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4900 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4892 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5980 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5104 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5108 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6376 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5980 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6856 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6572 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=888 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\rkfree_setup_301_password_123.exe

"C:\Users\Admin\Desktop\rkfree_setup_301_password_123.exe"

C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe

"C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe"

C:\Windows\system32\rvlkl.exe

"C:\Windows\system32\rvlkl.exe" -install -lang 9

C:\Windows\system32\rvlkl.exe

"C:\Windows\system32\rvlkl.exe"

C:\Windows\System32\rvlkl.exe

"C:\Windows\System32\rvlkl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbc9e546f8,0x7ffbc9e54708,0x7ffbc9e54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3264 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5536 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6292 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff678045460,0x7ff678045470,0x7ff678045480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6292 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbc9af4f50,0x7ffbc9af4f60,0x7ffbc9af4f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1644 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1936 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2732 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4476 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4624 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4764 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4948 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2452 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5440 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x51c 0x518

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3872 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3032 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8

C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=836 /prefetch:8

C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3064_2091734735\ChromeRecovery.exe

"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3064_2091734735\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={23310a36-c9a9-40b3-a013-adfa7f370c5a} --system

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1144 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4016 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3028 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1708 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4896 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 /prefetch:8

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1168 /prefetch:8

C:\Program Files\7-Zip\Uninstall.exe

"C:\Program Files\7-Zip\Uninstall.exe"

C:\Users\Admin\AppData\Local\Temp\7z22E0D6CC\Uninst.exe

C:\Users\Admin\AppData\Local\Temp\7z22E0D6CC\Uninst.exe /N /D="C:\Program Files\7-Zip\"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\OptionalFeatures.exe

"C:\Windows\system32\OptionalFeatures.exe"

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5316 /prefetch:8

C:\Windows\System32\rvlkl.exe

"C:\Windows\System32\rvlkl.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3244 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Documents\XZIOFAVD_Admin_2022-09-12.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc9e546f8,0x7ffbc9e54708,0x7ffbc9e54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3800 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.logixoft.com/faq

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffbc9e546f8,0x7ffbc9e54708,0x7ffbc9e54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateBroker.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateBroker.exe" -Embedding

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /broker

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateOnDemand.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ondemand

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateBroker.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateBroker.exe" -Embedding

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /broker

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5692 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateOnDemand.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ondemand

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5684 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6344 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4276 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6336 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4580 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6244 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\ProgramData\rvlkl\data\39E34271C99315ED0556E3760DF7F73E\XZIOFAVD_Admin_2022-09-12.rvl

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Microsoft Office\root\Office16\Winword.exe

"C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\ProgramData\rvlkl\data\39E34271C99315ED0556E3760DF7F73E\XZIOFAVD_Admin_2022-09-12.rvl"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1320 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4628 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4872 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2380 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1592 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4712 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1596 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=924 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2384 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.logixoft.com/faq

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc9e546f8,0x7ffbc9e54708,0x7ffbc9e54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x51c 0x518

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6464 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5996 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6320 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7200 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7204 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7228 /prefetch:8

C:\Users\Admin\Downloads\muveeReveal11_11.0.0.26213_2915.exe

"C:\Users\Admin\Downloads\muveeReveal11_11.0.0.26213_2915.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6340 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.muvee.com/en/support/styles/gpudriver?gl_version=1.1.0&gl_vendor=Microsoft%20Corporation&gl_renderer=GDI%20Generic&w=00000031&osversion=602&vram=2047&l=1033&dxdiag_disp_man=(Standard%20display%20types)&dxdiag_disp_drvversion=6.02.19041.0868&dxdiag_disp_desc=Microsoft%20Basic%20Display%20Adapter&spmajorver=0&ram=4095&numcpu=2&pagefile=4095&b=0&h=0xd8b12292&gpuid=ROOT%5CBasicDisplay

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbc9e546f8,0x7ffbc9e54708,0x7ffbc9e54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6452 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6992 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6452 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4604 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5880 /prefetch:8

C:\Users\Admin\Downloads\Setup_FileViewPro_2022.exe

"C:\Users\Admin\Downloads\Setup_FileViewPro_2022.exe"

C:\Users\Admin\Downloads\Setup_FileViewPro_2022.exe

"C:\Users\Admin\Downloads\Setup_FileViewPro_2022.exe"

C:\Users\Admin\AppData\Local\Temp\{B95C4501-C4E8-4CF3-9F39-F77272AB7F81}\Setup_WinThruster_2020.exe

"C:\Users\Admin\AppData\Local\Temp\{B95C4501-C4E8-4CF3-9F39-F77272AB7F81}\Setup_WinThruster_2020.exe" /verysilent /LANG es /scan

C:\Users\Admin\AppData\Local\Temp\is-8LOT8.tmp\Setup_WinThruster_2020.tmp

"C:\Users\Admin\AppData\Local\Temp\is-8LOT8.tmp\Setup_WinThruster_2020.tmp" /SL5="$E0328,4683560,721408,C:\Users\Admin\AppData\Local\Temp\{B95C4501-C4E8-4CF3-9F39-F77272AB7F81}\Setup_WinThruster_2020.exe" /verysilent /LANG es /scan

C:\Program Files (x86)\WinThruster\WTNotifications.exe

"C:\Program Files (x86)\WinThruster\WTNotifications.exe"

C:\Program Files (x86)\WinThruster\WinThruster.exe

"C:\Program Files (x86)\WinThruster\WinThruster.exe"

C:\Users\Admin\AppData\Local\Temp\{767C6E88-C7EC-4F1B-9500-7AC3006B0B85}\FileViewPro-S-1.9.8.19.exe

"C:\Users\Admin\AppData\Local\Temp\{767C6E88-C7EC-4F1B-9500-7AC3006B0B85}\FileViewPro-S-1.9.8.19.exe" /verysilent /norestart /LANG es

C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp

"C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp" /SL5="$905B6,60311066,131584,C:\Users\Admin\AppData\Local\Temp\{767C6E88-C7EC-4F1B-9500-7AC3006B0B85}\FileViewPro-S-1.9.8.19.exe" /verysilent /norestart /LANG es

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.solvusoft.com/en/winthruster/install/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbc9e546f8,0x7ffbc9e54708,0x7ffbc9e54718

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /TN "WinThruster automatic scan and notifications" /TR "\"C:\Program Files (x86)\WinThruster\WTNotifications.exe\"" /SC ONLOGON /RL HIGHEST /F

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5380 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.solvusoft.com/es/fileviewpro/install/?utm_source=fileviewpro&utm_campaign=version_1.9.8.19_06042019&utm_medium=bundle-winthruster

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbc9e546f8,0x7ffbc9e54708,0x7ffbc9e54718

C:\Program Files\FileViewPro\FileViewPro.exe

"C:\Program Files\FileViewPro\FileViewPro.exe" /restartWithNoAdminRights lang=sp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\System32\explorer.exe" C:\Program Files\FileViewPro\FileViewPro.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Program Files\FileViewPro\FileViewPro.exe

"C:\Program Files\FileViewPro\FileViewPro.exe"

C:\Users\Admin\Desktop\rkfree_setup_301_password_123.exe

"C:\Users\Admin\Desktop\rkfree_setup_301_password_123.exe"

C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe

"C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe"

C:\Users\Admin\Desktop\rkfree_setup_301_password_123.exe

"C:\Users\Admin\Desktop\rkfree_setup_301_password_123.exe"

C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe

"C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe"

C:\Windows\system32\rvlkl.exe

"C:\Windows\system32\rvlkl.exe" -install -lang 9

C:\Windows\system32\rvlkl.exe

"C:\Windows\system32\rvlkl.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc9af4f50,0x7ffbc9af4f60,0x7ffbc9af4f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1624 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2000 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2396 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2900 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4528 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4728 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4700 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4664 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 /prefetch:8

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Revealer Keylogger Free_3.01_Crack.txt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5672 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5792 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3244 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3320 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4544 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3320 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4884 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6104 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2376 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6128 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5816 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5816 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5640 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5992 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=888 /prefetch:8

Network

Country Destination Domain Proto
SG 52.220.104.98:443 tcp
SG 52.220.104.98:443 tcp
US 104.22.24.135:443 udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 142.250.102.157:443 stats.g.doubleclick.net tcp
US 34.227.128.18:443 tcp
US 34.96.102.137:443 udp
NL 216.58.208.98:443 googleads.g.doubleclick.net tcp
US 142.250.102.157:443 udp
NL 142.251.36.3:443 tcp
NL 142.251.36.3:443 www.google.nl tcp
US 108.138.36.26:443 widget.intercom.io tcp
US 18.66.192.129:443 js.intercomcdn.com tcp
US 99.83.219.81:443 tcp
US 34.237.73.95:443 tcp
US 18.66.192.129:443 js.intercomcdn.com tcp
US 18.66.192.113:443 static.intercomassets.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
NL 172.217.168.194:443 googleads.g.doubleclick.net tcp
NL 172.217.168.194:443 googleads.g.doubleclick.net udp
US 8.8.4.4:443 dns.google udp
US 8.8.8.8:53 www.fileviewpro.com udp
US 34.203.154.38:443 www.fileviewpro.com tcp
US 34.203.154.38:443 www.fileviewpro.com tcp
NL 142.250.179.200:443 ssl.google-analytics.com tcp
NL 142.250.179.200:443 udp
US 142.250.102.157:443 tcp
US 142.250.102.157:443 udp
NL 104.74.232.236:443 www.solvusoft.com tcp
NL 142.250.179.138:443 ajax.googleapis.com tcp
US 108.138.36.58:443 cdn.ywxi.net tcp
ZA 104.212.67.142:443 tcp
US 52.218.234.56:443 tcp
US 52.218.234.56:443 tcp
US 44.240.9.253:443 tcp
NL 216.58.214.14:443 apis.google.com tcp
NL 216.58.214.14:443 apis.google.com udp
NL 142.251.36.3:443 tcp
NL 142.251.36.3:443 udp
US 20.120.124.64:443 tcp
US 20.120.124.64:443 tcp
IE 20.234.93.27:443 c.msn.com tcp
US 204.79.197.200:443 www.bing.com tcp
NL 216.58.208.100:80 www.google.com tcp
US 8.8.8.8:53 www.solvusoft.com udp
NL 104.74.232.236:80 www.solvusoft.com tcp
NL 216.58.208.100:80 www.google.com tcp
NL 104.74.232.236:443 www.solvusoft.com tcp
NL 216.58.208.100:80 www.google.com tcp
US 8.8.4.4:443 dns.google udp
US 8.8.8.8:53 stats.smartpctools.com udp
US 8.8.8.8:53 www.solvusoft.com udp
NL 104.74.232.236:443 www.solvusoft.com tcp
US 204.79.197.200:443 www.bing.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
NL 20.86.249.62:443 nav.smartscreen.microsoft.com tcp
NL 20.86.249.62:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 images.scanalert.com udp
US 8.8.8.8:53 cdn.ywxi.net udp
US 108.138.36.107:443 cdn.ywxi.net tcp
US 8.8.8.8:53 s3-us-west-2.amazonaws.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 52.218.246.176:443 s3-us-west-2.amazonaws.com tcp
US 52.218.246.176:443 s3-us-west-2.amazonaws.com tcp
US 40.90.65.2:443 www.clarity.ms tcp
US 8.8.8.8:53 www.googlecommerce.com udp
NL 142.251.36.14:443 www.googlecommerce.com tcp
US 8.8.8.8:53 www.trustedsite.com udp
US 44.241.90.245:443 www.trustedsite.com tcp
NL 216.58.214.14:443 apis.google.com tcp
NL 216.58.214.14:443 apis.google.com udp
US 8.8.8.8:53 m.clarity.ms udp
US 20.120.124.64:443 m.clarity.ms tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 api.cognitive.microsofttranslator.com udp
NL 20.50.1.16:443 api.cognitive.microsofttranslator.com tcp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
IE 20.234.93.27:443 c.msn.com tcp
US 204.79.197.200:443 www.bing.com tcp
US 142.250.102.154:443 udp
US 142.250.102.154:443 tcp
NL 142.251.36.3:443 udp
US 8.8.4.4:443 dns.google udp
US 204.79.197.239:443 edge.microsoft.com tcp
NL 142.251.36.14:443 www.googlecommerce.com tcp
US 172.217.2.195:443 udp
NL 104.74.232.236:80 www.solvusoft.com tcp
NL 104.74.232.236:80 www.solvusoft.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
IE 20.67.219.150:443 nav.smartscreen.microsoft.com tcp
IE 20.67.219.150:443 nav.smartscreen.microsoft.com tcp
US 52.218.185.216:443 tcp
US 52.218.185.216:443 tcp
NL 23.73.0.135:443 assets.msn.com tcp
NL 23.73.0.135:443 assets.msn.com tcp
US 108.138.36.7:443 tcp
US 204.79.197.200:443 www.bing.com tcp
FR 2.22.22.186:443 tcp
IE 20.234.93.27:443 c.msn.com tcp
NL 142.251.36.14:443 www.googlecommerce.com udp
FR 2.22.22.186:443 tcp
FR 23.217.248.131:443 tcp
US 20.120.124.64:443 m.clarity.ms tcp
US 8.8.8.8:53 www.solvusoft.com udp
NL 104.74.232.236:80 www.solvusoft.com tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 172.217.168.238:443 clients2.google.com udp
NL 142.251.36.45:443 accounts.google.com udp
NL 142.251.36.45:443 accounts.google.com tcp
NL 172.217.168.238:443 clients2.google.com tcp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
NL 142.251.39.97:443 lh4.googleusercontent.com udp
NL 142.251.39.97:443 lh4.googleusercontent.com udp
NL 142.251.39.97:443 lh4.googleusercontent.com udp
NL 142.251.39.97:443 lh4.googleusercontent.com tcp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
NL 142.250.179.163:443 udp
NL 142.251.36.14:443 www.googlecommerce.com udp
NL 142.251.36.14:443 www.googlecommerce.com tcp
NL 142.251.36.14:443 www.googlecommerce.com udp
US 8.8.4.4:443 dns.google udp
NL 142.250.179.170:443 safebrowsing.googleapis.com tcp
US 188.114.96.0:443 tcp
US 188.114.96.0:443 downloadfreecracks.com tcp
NL 142.251.36.42:443 udp
NL 142.251.36.42:443 tcp
US 142.250.102.157:443 udp
US 142.250.102.157:443 tcp
US 8.8.4.4:443 dns.google udp
US 188.114.97.3:80 free3pc.site tcp
US 188.114.97.3:80 tcp
US 188.114.97.3:443 free3pc.site tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
NL 142.251.36.14:443 www.googlecommerce.com tcp
US 8.8.4.4:443 dns.google udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
NL 142.250.179.163:443 udp
US 188.114.97.3:80 tcp
US 8.8.4.4:443 dns.google udp
NL 142.251.36.14:443 www.googlecommerce.com udp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google udp

Files

\??\pipe\crashpad_4252_MUAWFHRPOEYAUSVX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe

MD5 521f2a5c686f718e3ca2dca5f4af2b49
SHA1 0d26e7d1541dff2e922b18c3ed5556f9f05e85d5
SHA256 7444dc7f026376291df6bc0ba8a1ef4a97b22b7efa1ff446e8b7ee83814f0533
SHA512 44fc79ad4c8ffe2197aeb3ea28fcd15412f707108e8b8b576b35fe38f9e8626f23b3983a9713ea161a4397c25d0329d1b0113417706500ee565e029dd3b31bd7

C:\Windows\system32\rvlkl.exe

MD5 a96ec3a8236736c4153d8cc16c53dca3
SHA1 a2465dcf8ed6de45f8d67839c5105d08d94b9d7e
SHA256 2c4147281974ce872b59bc994c378561af209da70875b60d8d213e563e605b87
SHA512 39dafd41230958bd4fdeede772fee60297fc0f369e1c5f41bdad6854ea6a210a10d36a67a15ab6270d67f2bb1978b4de135edbe4d4779f9fcc51ff691b141270

C:\ProgramData\rvlkl\log.css

MD5 a35bd6e012b609d94a076699c5372657
SHA1 f1ca92f37ccb1c21078d79b465a1cfe5c8e6d9c6
SHA256 6ef8cfc8307115a02e5b60af549867dc79bdf3018eb95a9417e8e6c3632eabb5
SHA512 c048a0cbac75db0f72972989503e8f1ce0cb2b84f97e1223e4050f42095faefad06802117690aeec20c10951fdb5603201ab8aa4010b507bc8d5ef7ff7d960ba

C:\ProgramData\rvlkl\conf

MD5 195774d34ccabbc1a46a863dfb74e071
SHA1 4b7f99e31c4a938680ae843a11119249aa946ecd
SHA256 59b32c4bcc322d3d6d9526dbf9383b36111e0077432ffed67faac94567e1f8f9
SHA512 1c1974f8dfcbe65387343aa705f0f6970ef5890b95a5fcd2161838ae986c5d2a5877e2fd8b42b1ce774214dc2f9c973ef6ab1f173064335d08692bad72d148a9

\??\pipe\LOCAL\crashpad_4108_RCIOFTKBPJYSGNLF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 239184c5861d1a3748404e39635630e7
SHA1 35870a87c6d2fb1f1709c68cc8ab1b76e32f9103
SHA256 e55a4ebec69b7d5696ed5d534734174ffc0ff43121b5c5d1b1814bb80a30466f
SHA512 45aa93df50f8990762a0e024d004b6aea393ee96f3d1248b30f4a2c1051a81af34ab8a17da180c3e4c73dc96b1ec83e23321963335c8f44db98be50d72f1a4b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 60cd6e50a74c45f9514c2ec70fe16a0d
SHA1 4d09cb4351688681c28912f89869703fc3a98c0a
SHA256 32fc80412bdafb44620e9694a7a9e1328c6067977021068d93061ee7753522d1
SHA512 cbab6f727cfedfeddd32fb9763479530530b79df262d09f319fecac9f89d9e08a5f38331f85f26930a35bf6e5bac01821b8edea4bd2b3abec5db55ff4468857e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1

MD5 0b5c7b737a1530f734646733962d316c
SHA1 57545a1d1c4b53f5cf5235a14db2c99dbbb77254
SHA256 7248d687cd23570678846998a80bba9aecbf44e05d52e661b8cff882afb3dd82
SHA512 56a428616d99acf436becc5a5c4b671f68c68d188b88ef77c86b5d365e1bada74f51fdd0f61400e0da84a0a78fc25e209bb591c4b97bb91a5fac6a3afd4370dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account

MD5 b608d407fc15adea97c26936bc6f03f6
SHA1 953e7420801c76393902c0d6bb56148947e41571
SHA256 b281ce54125d4250a80f48fcc02a8eea53f2c35c3b726e2512c3d493da0013bf
SHA512 cc96ddf4bf90d6aaa9d86803cb2aa30cd8e9b295aee1bd5544b88aeab63dc60bb1d4641e846c9771bab51aabbfbcd984c6d3ee83b96f5b65d09c0841d464b9e4

\??\pipe\crashpad_4980_LOHAXDYQAJHPCDYR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

MD5 90f880064a42b29ccff51fe5425bf1a3
SHA1 6a3cae3996e9fff653a1ddf731ced32b2be2acbf
SHA256 965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268
SHA512 d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13307484705803795

MD5 c0df6ec80e85ccdc7a0046d9788ccd6c
SHA1 cec5064b57362436f2016d91ae8f69ab82d61231
SHA256 82d2ae05cf2ab234eec60499a822e8046b7ed61efbadc695234d2fae763a61e9
SHA512 0cd6d3a1fd98fc22f896d656ee686ee7339cf6d765774886550197861b617ee924640c64c25877585668f46db5f6487537e37488e33447d7fe29f7241014cce9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json

MD5 0834821960cb5c6e9d477aef649cb2e4
SHA1 7d25f027d7cee9e94e9cbdee1f9220c8d20a1588
SHA256 52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69
SHA512 9aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

MD5 de92ad90be6d3364745b2f73f4c3cf73
SHA1 9158681463bd30e5af4dda4baac81f93cedbda77
SHA256 0025a3e0d3b834401b3b5f820e1991ef7e810d9a4b8b6b579e6301c94e7031a0
SHA512 9e81cefc195439439f4b23ee7696309d7bc3c08e5b444d2abde26d2f12b2d3bcfd124fb9a2d40c6389e9f787741676fad366a2e9982674e7b931028c014d8a79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

MD5 20acc6e1d5246ab0e85c56459a7367ff
SHA1 ccddb7d45decee1169e985b36efe1f5d56c8e26d
SHA256 ab46e359311a0983f6cddbefdadf97f53deca30d3745baf7425e7e565ac99eac
SHA512 0845c6cb82d807837791fa969111409ebd923e10b4339222d6f1c20cc9028bf16024efea8d7d5e4907bb2fa2abc3231a15bd973fbc143b9d14329603e8b5349d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

MD5 08e226884b19578d98c7e4bb35453d01
SHA1 43fc2b7fe63c423f417c8f944b16bd1d3335ae0d
SHA256 beb9e0d7f51195f0e3490678a3922a1e227a668107c017d09c94872fdb9f465f
SHA512 aa862fc6f2aa71405fc740162e4becbdca94b0716979b2e698c1c4b399b92a117705959b17b88344d40f6d772ad78709528623ddbf7f3e400224f77a9fc7110d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 639fd28f81dc29daf41207c0fb19294a
SHA1 158ea9a1318cb0905adbdd99e40b939e1bd5486c
SHA256 e26a2d4a28aee614690b93517eb1f877f8910e68d5d476c90ba32b7b36f6f842
SHA512 3c5a264299b878f7c51944d95321f7b5c7c5a03fd80027f2514c5312ec206f3e6296f200f1ac92b983c7bdfb16f264a8f6c8a43c6aa95491ee9db33ee2af4dd0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

MD5 7cfbe045cb2bcf284c0b6361b83851c9
SHA1 dff2aafb16d2fc330f31dd219bdd06886c14d545
SHA256 8ab628e291bfe9f45028e398e98ef1d545d3a0c9d2b8b86d10428946aeced776
SHA512 4b66ac79c83d234e31990627f00c7e5c4e47753dd858753e7e7dabe2c91880acfcebc2b37084d7c2da48f096c70b980982e9fc9b9eadb1f81203c0070c5fa830

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

MD5 b1d8645514e146a811186727c83e69c2
SHA1 11bd6ffa3aae6692de2706d89bfb4e04c92d0487
SHA256 2a39131977b9af26196df76e8eb195fb2ab558317e44b372916dccfdaefec2df
SHA512 98119a4eb4b24285b7c0df09163d95397b9b6e6d0ba5ef6a8eb05a712a6eb7519d537401ac33cec2cbdcbadd18d0ea219c1530a52df759d648b75466d13c5124

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 f2ac4537d82eb8bc94620037a0f1387d
SHA1 265e1441affc4815dbc326a527df6c4432f28915
SHA256 b73f1ffb239d6e003950a65d7ee8f370cea787fcb3ee16d11a95fd02ab444c69
SHA512 4ef19857b129265f56f1bda95a9a962c654e7df835c3f5aa86dfa22eda91d8cfa0e3830f91da721d71f1b59df22a10b0fedd445c2f9b1fff0602f6f93101d62a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 87a0a691d08ba977c222a000540a7819
SHA1 c1c888b4f55d7ad92bd35ec824d8065bf71435c9
SHA256 5097f33ceae7b28cd3b7c564b7013d6d40be1ac7119286b032b199eaee3302a2
SHA512 3c1d31d9b89f81cede5440b9e815b1a5e83ed25d1775201515e6e10417fd938bdbf41e29d2a1f91c1d9bda3d69b6be394960f238331524d59f9b7400680bce19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3a17bb3b227749afd6a909233e57334b
SHA1 d201d52536af4c6c6d0cd790506a52fa102f2f61
SHA256 b09d91763d01853a844aa199deff8de0deec53d52f650a063e21ed2f79e095e7
SHA512 a89cdc9bf7c06becfd778efc3d73e418efe2bf1b7757450343c9c8e864735b35bb7b74df99e10f1f6ad9cce441981cd9d05a47f8c431522b16ed2eb722467288

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 b63048c4e7e52c52053d25da30d9c5ab
SHA1 679a44d402f5ec24605719e06459f5a707989187
SHA256 389caa40ea458e84bc624a9af1e0dec60fa652b2db2b81c09b1dfe22822cc3d1
SHA512 e86c58c5a25e24f21ad79ed526a90c120a09c115f4820663bd2ebbc59e7bb1c4c418267eb77645522aa20b2c1b53fba8e31690db7bae9b21e4eff3db06316359
