Analysis Overview
Threat Level: Known bad
The file https://www.logixoft.com/es-es/index was found to be: Known bad.
Malicious Activity Summary
Registers COM server for autorun
Downloads MZ/PE file
Executes dropped EXE
Drops file in Drivers directory
Loads dropped DLL
Reads user/profile data of web browsers
Checks computer location settings
Checks installed software on the system
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Modifies system certificate store
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Creates scheduled task(s)
Enumerates system info in registry
Checks processor information in registry
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-09-12 17:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-09-12 17:31
Reported
2022-09-12 18:06
Platform
win10v2004-20220812-en
Max time kernel
2099s
Max time network
2103s
Command Line
Signatures
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\drivers\rvlkl.sys | C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\rvlkl.sys | C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\rvlkl.sys | C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe | N/A |
Executes dropped EXE
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\7z22E0D6CC\Uninst.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Setup_FileViewPro_2022.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\WinThruster\WinThruster.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | C:\Program Files\FileViewPro\FileViewPro.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\rvlkl.exe | C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe | N/A |
| File opened for modification | C:\Windows\system32\rvlkl.exe | C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe | N/A |
| File opened for modification | C:\Windows\system32\rvlkl.dll | C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe | N/A |
| File created | C:\Windows\system32\rvlkl.exe | C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\FileViewPro\is-P0U7Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Raw\is-APM1H.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Langs\is-2UN8R.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Langs\is-10VL5.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\WinThruster\sqlite3.dll | C:\Users\Admin\AppData\Local\Temp\is-8LOT8.tmp\Setup_WinThruster_2020.tmp | N/A |
| File opened for modification | C:\Program Files\FileViewPro\DevExpress.Snap.v18.1.Core.dll | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\is-HO7G1.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\is-EP3CI.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\is-8VJIK.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Langs\is-MTJLA.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\is-UVHTO.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files (x86)\WinThruster\is-LICRV.tmp | C:\Users\Admin\AppData\Local\Temp\is-8LOT8.tmp\Setup_WinThruster_2020.tmp | N/A |
| File created | C:\Program Files (x86)\WinThruster\is-MOKCL.tmp | C:\Users\Admin\AppData\Local\Temp\is-8LOT8.tmp\Setup_WinThruster_2020.tmp | N/A |
| File created | C:\Program Files\FileViewPro\is-6PIUN.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-6HBBG.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-7JIF6.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File opened for modification | C:\Program Files\FileViewPro\7z\7z.dll | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File opened for modification | C:\Program Files\FileViewPro\DevExpress.Spreadsheet.v18.1.Core.dll | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-R355E.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-9G6VA.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\is-240MB.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File opened for modification | C:\Program Files\FileViewPro\SolvuSoft.Resources.dll | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File opened for modification | C:\Program Files\FileViewPro\PaintDotNet.dll | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-S77CL.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Langs\is-PL42J.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File opened for modification | C:\Program Files\FileViewPro\Vlc.DotNet.Forms.dll | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\unins000.msg | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\is-17NR1.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\is-GEPC9.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\is-H10AH.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files (x86)\WinThruster\is-AP6LP.tmp | C:\Users\Admin\AppData\Local\Temp\is-8LOT8.tmp\Setup_WinThruster_2020.tmp | N/A |
| File created | C:\Program Files (x86)\WinThruster\is-09VB8.tmp | C:\Users\Admin\AppData\Local\Temp\is-8LOT8.tmp\Setup_WinThruster_2020.tmp | N/A |
| File opened for modification | C:\Program Files\FileViewPro\DevExpress.XtraTreeList.v18.1.dll | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File opened for modification | C:\Program Files\FileViewPro\SDL.dll | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File opened for modification | C:\Program Files\FileViewPro\DevExpress.XtraBars.v18.1.dll | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File opened for modification | C:\Program Files\FileViewPro\SocialExplorer.FastDBF.dll | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File opened for modification | C:\Program Files\FileViewPro\O2S.Components.PDFView4NET.dll | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\is-B3PAD.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\is-NR86G.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\is-HJ9L5.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\editor\is-KJRHU.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Langs\is-450FE.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3064_2091734735\ChromeRecovery.exe | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A |
| File created | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3064_2091734735\manifest.json | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\FileViewPro\SolvuSoft.Localization.dll | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File opened for modification | C:\Program Files\FileViewPro\DevExpress.XtraRichEdit.v18.1.dll | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File opened for modification | C:\Program Files\FileViewPro\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Langs\is-0ITED.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Langs\is-Q1HEG.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\is-R2N9B.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\is-ITJAM.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\is-GQJIS.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-2MV3H.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Langs\is-6O5D6.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File opened for modification | C:\Program Files\FileViewPro\SevenZipSharp.dll | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\is-JPVKM.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\is-LL4SV.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\editor\is-CJG3T.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Langs\is-L1N1C.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File opened for modification | C:\Program Files\FileViewPro\ImageView.dll | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File opened for modification | C:\Program Files\FileViewPro\Vlc.DotNet.Core.dll | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\language\typescript\lib\is-H3E2E.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-FQRI5.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
| File created | C:\Program Files\FileViewPro\is-OK458.tmp | C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = <value not present in report> | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\Downloads\muveeReveal11_11.0.0.26213_2915.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CentralProcessor\0 | C:\Users\Admin\Downloads\muveeReveal11_11.0.0.26213_2915.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\muveeReveal11_11.0.0.26213_2915.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\WinThruster\WinThruster.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\WinThruster\WinThruster.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\BIOS | C:\Users\Admin\Downloads\muveeReveal11_11.0.0.26213_2915.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\Downloads\muveeReveal11_11.0.0.26213_2915.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Downloads\muveeReveal11_11.0.0.26213_2915.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion | C:\Users\Admin\Downloads\muveeReveal11_11.0.0.26213_2915.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4 = 14001f706806ee260aa0d7449371beb064c986830000 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\FFlags = "18874433" | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\7-ZIP | C:\Users\Admin\AppData\Local\Temp\7z22E0D6CC\Uninst.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0400000000000000030000000200000001000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\IconSize = "16" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\IconSize = "16" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers." | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{D674391B-52D9-4E07-834E-67C98610F39D} | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\System32\rvlkl.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0\0 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\System32\rvlkl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell\SniffedFolderType = "Documents" | C:\Windows\System32\rvlkl.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" | C:\Windows\System32\rvlkl.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13 | C:\Windows\System32\rvlkl.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers." | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\7z22E0D6CC\Uninst.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\7z22E0D6CC\Uninst.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a00000040010000904f1e8459ff164d8947e81bbffab36d1200000080000000537def0c64fad111a2030000f81fedee0800000080000000904f1e8459ff164d8947e81bbffab36d02000000c0000000904f1e8459ff164d8947e81bbffab36d0b00000050000000 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a00000040010000904f1e8459ff164d8947e81bbffab36d02000000c0000000904f1e8459ff164d8947e81bbffab36d0b0000005000000030f125b7ef471a10a5f102608c9eebac0c00000050000000537def0c64fad111a2030000f81fedee0800000080000000 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000cc0000000000000000000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\System32\rvlkl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\System32\rvlkl.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" | C:\Windows\System32\rvlkl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0\0\NodeSlot = "11" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\GroupView = "0" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\GroupByKey:PID = "0" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\System32\rvlkl.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\IconSize = "48" | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\DRAGDROPHANDLERS\7-ZIP | C:\Users\Admin\AppData\Local\Temp\7z22E0D6CC\Uninst.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff | C:\Windows\System32\rvlkl.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3 | C:\Windows\System32\rvlkl.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\System32\rvlkl.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} | C:\Windows\System32\rvlkl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\rvl_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\Rev = "0" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "13" | C:\Windows\System32\rvlkl.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | C:\Windows\System32\rvlkl.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | C:\Windows\System32\rvlkl.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202020202 | C:\Windows\System32\rvlkl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer." | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9 | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\AppData\Local\Temp\7z22E0D6CC\Uninst.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\AppData\Local\Temp\7z22E0D6CC\Uninst.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 | C:\Windows\System32\rvlkl.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell | C:\Windows\System32\rvlkl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption." | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | C:\Windows\System32\rvlkl.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = … | C:\Program Files\FileViewPro\FileViewPro.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 | C:\Program Files\FileViewPro\FileViewPro.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = … | C:\Program Files\FileViewPro\FileViewPro.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = … | C:\Program Files\FileViewPro\FileViewPro.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = … | C:\Program Files\FileViewPro\FileViewPro.exe | N/A |
NTFS ADS
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rvlkl.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\system32\OptionalFeatures.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\System32\rvlkl.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\FileViewPro\FileViewPro.exe | N/A |
| N/A | N/A | C:\Windows\system32\rvlkl.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: 35 | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeBackupPrivilege | N/A | C:\Program Files (x86)\WinThruster\WTNotifications.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.logixoft.com/es-es/index
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xe4,0xdc,0xd8,0xe0,0x108,0x7ffbc9af4f50,0x7ffbc9af4f60,0x7ffbc9af4f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1628 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2020 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2344 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3016 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4428 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4900 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4892 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5980 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5104 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6376 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5980 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6856 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6572 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,13689491189311659695,16012076741974893650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=888 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\rkfree_setup_301_password_123.exe
"C:\Users\Admin\Desktop\rkfree_setup_301_password_123.exe"
C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe
"C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe"
C:\Windows\system32\rvlkl.exe
"C:\Windows\system32\rvlkl.exe" -install -lang 9
C:\Windows\system32\rvlkl.exe
"C:\Windows\system32\rvlkl.exe"
C:\Windows\System32\rvlkl.exe
"C:\Windows\System32\rvlkl.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbc9e546f8,0x7ffbc9e54708,0x7ffbc9e54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3264 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5608 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff678045460,0x7ff678045470,0x7ff678045480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3261205192403001195,12279858920928943292,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbc9af4f50,0x7ffbc9af4f60,0x7ffbc9af4f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1644 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1936 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2732 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4476 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4624 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4764 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4948 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2452 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5440 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c 0x518
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3872 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3032 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=836 /prefetch:8
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3064_2091734735\ChromeRecovery.exe
"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3064_2091734735\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={23310a36-c9a9-40b3-a013-adfa7f370c5a} --system
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1144 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4016 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3028 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1708 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4896 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 /prefetch:8
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1168 /prefetch:8
C:\Program Files\7-Zip\Uninstall.exe
"C:\Program Files\7-Zip\Uninstall.exe"
C:\Users\Admin\AppData\Local\Temp\7z22E0D6CC\Uninst.exe
C:\Users\Admin\AppData\Local\Temp\7z22E0D6CC\Uninst.exe /N /D="C:\Program Files\7-Zip\"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\OptionalFeatures.exe
"C:\Windows\system32\OptionalFeatures.exe"
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5316 /prefetch:8
C:\Windows\System32\rvlkl.exe
"C:\Windows\System32\rvlkl.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3244 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Documents\XZIOFAVD_Admin_2022-09-12.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc9e546f8,0x7ffbc9e54708,0x7ffbc9e54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.logixoft.com/faq
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffbc9e546f8,0x7ffbc9e54708,0x7ffbc9e54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateBroker.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateBroker.exe" -Embedding
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /broker
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateOnDemand.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateOnDemand.exe" -Embedding
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ondemand
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateBroker.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateBroker.exe" -Embedding
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /broker
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5692 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateOnDemand.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateOnDemand.exe" -Embedding
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ondemand
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4276 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6336 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4580 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6244 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\ProgramData\rvlkl\data\39E34271C99315ED0556E3760DF7F73E\XZIOFAVD_Admin_2022-09-12.rvl
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Microsoft Office\root\Office16\Winword.exe
"C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\ProgramData\rvlkl\data\39E34271C99315ED0556E3760DF7F73E\XZIOFAVD_Admin_2022-09-12.rvl"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1320 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4628 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4872 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2380 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1592 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4712 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1596 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=924 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2384 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.logixoft.com/faq
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc9e546f8,0x7ffbc9e54708,0x7ffbc9e54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c 0x518
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6464 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5996 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6320 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7200 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7204 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7228 /prefetch:8
C:\Users\Admin\Downloads\muveeReveal11_11.0.0.26213_2915.exe
"C:\Users\Admin\Downloads\muveeReveal11_11.0.0.26213_2915.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.muvee.com/en/support/styles/gpudriver?gl_version=1.1.0&gl_vendor=Microsoft%20Corporation&gl_renderer=GDI%20Generic&w=00000031&osversion=602&vram=2047&l=1033&dxdiag_disp_man=(Standard%20display%20types)&dxdiag_disp_drvversion=6.02.19041.0868&dxdiag_disp_desc=Microsoft%20Basic%20Display%20Adapter&spmajorver=0&ram=4095&numcpu=2&pagefile=4095&b=0&h=0xd8b12292&gpuid=ROOT%5CBasicDisplay
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbc9e546f8,0x7ffbc9e54708,0x7ffbc9e54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8283392994653195263,13215385062881877507,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6452 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6992 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6452 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4604 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1560,10621648701282114176,68607592636733699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5880 /prefetch:8
C:\Users\Admin\Downloads\Setup_FileViewPro_2022.exe
"C:\Users\Admin\Downloads\Setup_FileViewPro_2022.exe"
C:\Users\Admin\Downloads\Setup_FileViewPro_2022.exe
"C:\Users\Admin\Downloads\Setup_FileViewPro_2022.exe"
C:\Users\Admin\AppData\Local\Temp\{B95C4501-C4E8-4CF3-9F39-F77272AB7F81}\Setup_WinThruster_2020.exe
"C:\Users\Admin\AppData\Local\Temp\{B95C4501-C4E8-4CF3-9F39-F77272AB7F81}\Setup_WinThruster_2020.exe" /verysilent /LANG es /scan
C:\Users\Admin\AppData\Local\Temp\is-8LOT8.tmp\Setup_WinThruster_2020.tmp
"C:\Users\Admin\AppData\Local\Temp\is-8LOT8.tmp\Setup_WinThruster_2020.tmp" /SL5="$E0328,4683560,721408,C:\Users\Admin\AppData\Local\Temp\{B95C4501-C4E8-4CF3-9F39-F77272AB7F81}\Setup_WinThruster_2020.exe" /verysilent /LANG es /scan
C:\Program Files (x86)\WinThruster\WTNotifications.exe
"C:\Program Files (x86)\WinThruster\WTNotifications.exe"
C:\Program Files (x86)\WinThruster\WinThruster.exe
"C:\Program Files (x86)\WinThruster\WinThruster.exe"
C:\Users\Admin\AppData\Local\Temp\{767C6E88-C7EC-4F1B-9500-7AC3006B0B85}\FileViewPro-S-1.9.8.19.exe
"C:\Users\Admin\AppData\Local\Temp\{767C6E88-C7EC-4F1B-9500-7AC3006B0B85}\FileViewPro-S-1.9.8.19.exe" /verysilent /norestart /LANG es
C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp
"C:\Users\Admin\AppData\Local\Temp\is-5DEFO.tmp\FileViewPro-S-1.9.8.19.tmp" /SL5="$905B6,60311066,131584,C:\Users\Admin\AppData\Local\Temp\{767C6E88-C7EC-4F1B-9500-7AC3006B0B85}\FileViewPro-S-1.9.8.19.exe" /verysilent /norestart /LANG es
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.solvusoft.com/en/winthruster/install/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbc9e546f8,0x7ffbc9e54708,0x7ffbc9e54718
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "WinThruster automatic scan and notifications" /TR "\"C:\Program Files (x86)\WinThruster\WTNotifications.exe\"" /SC ONLOGON /RL HIGHEST /F
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.solvusoft.com/es/fileviewpro/install/?utm_source=fileviewpro&utm_campaign=version_1.9.8.19_06042019&utm_medium=bundle-winthruster
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbc9e546f8,0x7ffbc9e54708,0x7ffbc9e54718
C:\Program Files\FileViewPro\FileViewPro.exe
"C:\Program Files\FileViewPro\FileViewPro.exe" /restartWithNoAdminRights lang=sp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17701038311684724372,9637089388757913827,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe" C:\Program Files\FileViewPro\FileViewPro.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Program Files\FileViewPro\FileViewPro.exe
"C:\Program Files\FileViewPro\FileViewPro.exe"
C:\Users\Admin\Desktop\rkfree_setup_301_password_123.exe
"C:\Users\Admin\Desktop\rkfree_setup_301_password_123.exe"
C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe
"C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe"
C:\Users\Admin\Desktop\rkfree_setup_301_password_123.exe
"C:\Users\Admin\Desktop\rkfree_setup_301_password_123.exe"
C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe
"C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe"
C:\Windows\system32\rvlkl.exe
"C:\Windows\system32\rvlkl.exe" -install -lang 9
C:\Windows\system32\rvlkl.exe
"C:\Windows\system32\rvlkl.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc9af4f50,0x7ffbc9af4f60,0x7ffbc9af4f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1624 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2000 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2396 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2900 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4528 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4728 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4700 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4664 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 /prefetch:8
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Revealer Keylogger Free_3.01_Crack.txt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5672 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5792 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3244 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3320 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4544 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3320 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4884 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6104 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2376 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6128 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5816 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5816 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5640 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5992 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,14907485170383102316,16029158567624251584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=888 /prefetch:8
Network
| US | 8.8.8.8:53 | c2shb.ssp.yahoo.com | udp |
| DE | 35.157.246.167:443 | c2shb.ssp.yahoo.com | tcp |
| DE | 35.157.246.167:443 | c2shb.ssp.yahoo.com | tcp |
| DE | 35.157.246.167:443 | c2shb.ssp.yahoo.com | tcp |
| US | 8.8.8.8:53 | grid.bidswitch.net | udp |
| US | 35.211.165.199:443 | grid.bidswitch.net | tcp |
| US | 108.138.36.30:443 | tcp | |
| US | 52.21.118.85:443 | tcp | |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| US | 3.220.58.99:443 | tcp | |
| IE | 52.17.87.40:443 | tcp | |
| US | 54.205.231.87:443 | tcp | |
| US | 54.205.231.87:443 | tcp | |
| US | 54.83.51.197:443 | tcp | |
| NL | 65.9.78.68:443 | c.amazon-adsystem.com | tcp |
| IE | 52.30.136.252:443 | tcp | |
| IE | 52.17.180.229:443 | tcp | |
| FR | 15.236.176.210:443 | saa.cnet.com | tcp |
| US | 104.18.19.126:443 | as-sec.casalemedia.com | tcp |
| NL | 184.29.204.223:443 | www.everestjs.net | tcp |
| NL | 178.250.2.130:443 | static.criteo.net | tcp |
| NL | 104.109.248.155:443 | tcp | |
| NL | 178.250.2.130:443 | static.criteo.net | tcp |
| US | 18.66.192.21:443 | cdn-gl.imrworldwide.com | tcp |
| NL | 142.250.179.193:443 | a2d1acc44676e4aa9cfcec417ba148c3.safeframe.googlesyndication.com | tcp |
| FR | 178.250.0.189:443 | ssp-sync.criteo.com | tcp |
| US | 54.205.231.87:443 | tcp | |
| US | 172.64.146.158:443 | privacyportal.onetrust.com | tcp |
| US | 35.244.224.207:443 | tcp | |
| US | 35.244.224.207:443 | tcp | |
| US | 104.244.42.67:443 | analytics.twitter.com | tcp |
| US | 34.111.234.236:443 | ml314.com | tcp |
| IE | 52.18.161.218:443 | tcp | |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 15.197.179.228:443 | de2-bid.adsrvr.org | tcp |
| DE | 3.125.90.97:443 | tcp | |
| GB | 87.248.116.11:443 | tcp | |
| US | 108.138.36.5:443 | choices.truste.com | tcp |
| US | 8.8.8.8:53 | cdn.doubleverify.com | udp |
| DE | 52.57.96.36:443 | tcp | |
| NL | 104.123.45.213:443 | cdn.doubleverify.com | tcp |
| DE | 213.254.244.109:443 | rtb0.doubleverify.com | tcp |
| DE | 213.254.244.26:443 | rtbc-frc.doubleverify.com | tcp |
| NL | 185.89.210.212:443 | tcp | |
| US | 35.211.165.199:443 | grid.bidswitch.net | tcp |
| US | 18.66.192.118:443 | choices.trustarc.com | tcp |
| US | 18.66.192.118:443 | tcp | |
| US | 18.66.192.118:443 | tcp | |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 172.217.168.238:443 | clients2.google.com | udp |
| NL | 216.58.214.3:443 | udp | |
| NL | 142.250.179.163:443 | udp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| SG | 52.220.104.98:80 | www.muvee.com | tcp |
| SG | 52.220.104.98:80 | tcp | |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| NL | 20.73.130.64:443 | nav.smartscreen.microsoft.com | tcp |
| SG | 52.220.104.98:443 | tcp | |
| NL | 20.73.130.64:443 | nav.smartscreen.microsoft.com | tcp |
| NL | 20.73.130.64:443 | nav.smartscreen.microsoft.com | tcp |
| NL | 20.73.130.64:443 | nav.smartscreen.microsoft.com | tcp |
| SG | 52.220.104.98:443 | tcp | |
| US | 104.22.24.135:443 | www.shopperapproved.com | tcp |
| SG | 52.220.104.98:443 | tcp | |
| SG | 52.220.104.98:443 | tcp | |
| SG | 52.220.104.98:443 | tcp | |
| SG | 52.220.104.98:443 | tcp | |
| US | 104.22.24.135:443 | udp | |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 142.250.102.157:443 | stats.g.doubleclick.net | tcp |
| US | 34.227.128.18:443 | tcp | |
| US | 34.96.102.137:443 | udp | |
| NL | 216.58.208.98:443 | googleads.g.doubleclick.net | tcp |
| US | 142.250.102.157:443 | udp | |
| NL | 142.251.36.3:443 | tcp | |
| NL | 142.251.36.3:443 | www.google.nl | tcp |
| US | 108.138.36.26:443 | widget.intercom.io | tcp |
| US | 18.66.192.129:443 | js.intercomcdn.com | tcp |
| US | 99.83.219.81:443 | tcp | |
| US | 34.237.73.95:443 | tcp | |
| US | 18.66.192.129:443 | js.intercomcdn.com | tcp |
| US | 18.66.192.113:443 | static.intercomassets.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| NL | 172.217.168.194:443 | googleads.g.doubleclick.net | tcp |
| NL | 172.217.168.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.8.8:53 | www.fileviewpro.com | udp |
| US | 34.203.154.38:443 | www.fileviewpro.com | tcp |
| US | 34.203.154.38:443 | www.fileviewpro.com | tcp |
| NL | 142.250.179.200:443 | ssl.google-analytics.com | tcp |
| NL | 142.250.179.200:443 | udp | |
| US | 142.250.102.157:443 | tcp | |
| US | 142.250.102.157:443 | udp | |
| NL | 104.74.232.236:443 | www.solvusoft.com | tcp |
| NL | 142.250.179.138:443 | ajax.googleapis.com | tcp |
| US | 108.138.36.58:443 | cdn.ywxi.net | tcp |
| ZA | 104.212.67.142:443 | tcp | |
| US | 52.218.234.56:443 | tcp | |
| US | 52.218.234.56:443 | tcp | |
| US | 44.240.9.253:443 | tcp | |
| NL | 216.58.214.14:443 | apis.google.com | tcp |
| NL | 216.58.214.14:443 | apis.google.com | udp |
| NL | 142.251.36.3:443 | tcp | |
| NL | 142.251.36.3:443 | udp | |
| US | 20.120.124.64:443 | tcp | |
| US | 20.120.124.64:443 | tcp | |
| IE | 20.234.93.27:443 | c.msn.com | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| NL | 216.58.208.100:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.solvusoft.com | udp |
| NL | 104.74.232.236:80 | www.solvusoft.com | tcp |
| NL | 216.58.208.100:80 | www.google.com | tcp |
| NL | 104.74.232.236:443 | www.solvusoft.com | tcp |
| NL | 216.58.208.100:80 | www.google.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.8.8:53 | stats.smartpctools.com | udp |
| US | 8.8.8.8:53 | www.solvusoft.com | udp |
| NL | 104.74.232.236:443 | www.solvusoft.com | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| NL | 20.86.249.62:443 | nav.smartscreen.microsoft.com | tcp |
| NL | 20.86.249.62:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | images.scanalert.com | udp |
| US | 8.8.8.8:53 | cdn.ywxi.net | udp |
| US | 108.138.36.107:443 | cdn.ywxi.net | tcp |
| US | 8.8.8.8:53 | s3-us-west-2.amazonaws.com | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 52.218.246.176:443 | s3-us-west-2.amazonaws.com | tcp |
| US | 52.218.246.176:443 | s3-us-west-2.amazonaws.com | tcp |
| US | 40.90.65.2:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | www.googlecommerce.com | udp |
| NL | 142.251.36.14:443 | www.googlecommerce.com | tcp |
| US | 8.8.8.8:53 | www.trustedsite.com | udp |
| US | 44.241.90.245:443 | www.trustedsite.com | tcp |
| NL | 216.58.214.14:443 | apis.google.com | tcp |
| NL | 216.58.214.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | m.clarity.ms | udp |
| US | 20.120.124.64:443 | m.clarity.ms | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | api.cognitive.microsofttranslator.com | udp |
| NL | 20.50.1.16:443 | api.cognitive.microsofttranslator.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| IE | 20.234.93.27:443 | c.msn.com | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 142.250.102.154:443 | udp | |
| US | 142.250.102.154:443 | tcp | |
| NL | 142.251.36.3:443 | udp | |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| NL | 142.251.36.14:443 | www.googlecommerce.com | tcp |
| US | 172.217.2.195:443 | udp | |
| NL | 104.74.232.236:80 | www.solvusoft.com | tcp |
| NL | 104.74.232.236:80 | www.solvusoft.com | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| IE | 20.67.219.150:443 | nav.smartscreen.microsoft.com | tcp |
| IE | 20.67.219.150:443 | nav.smartscreen.microsoft.com | tcp |
| US | 52.218.185.216:443 | tcp | |
| US | 52.218.185.216:443 | tcp | |
| NL | 23.73.0.135:443 | assets.msn.com | tcp |
| NL | 23.73.0.135:443 | assets.msn.com | tcp |
| US | 108.138.36.7:443 | tcp | |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| FR | 2.22.22.186:443 | tcp | |
| IE | 20.234.93.27:443 | c.msn.com | tcp |
| NL | 142.251.36.14:443 | www.googlecommerce.com | udp |
| FR | 2.22.22.186:443 | tcp | |
| FR | 23.217.248.131:443 | tcp | |
| US | 20.120.124.64:443 | m.clarity.ms | tcp |
| US | 8.8.8.8:53 | www.solvusoft.com | udp |
| NL | 104.74.232.236:80 | www.solvusoft.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 172.217.168.238:443 | clients2.google.com | udp |
| NL | 142.251.36.45:443 | accounts.google.com | udp |
| NL | 142.251.36.45:443 | accounts.google.com | tcp |
| NL | 172.217.168.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| NL | 142.251.39.97:443 | lh4.googleusercontent.com | udp |
| NL | 142.251.39.97:443 | lh4.googleusercontent.com | udp |
| NL | 142.251.39.97:443 | lh4.googleusercontent.com | udp |
| NL | 142.251.39.97:443 | lh4.googleusercontent.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| NL | 142.250.179.163:443 | udp | |
| NL | 142.251.36.14:443 | www.googlecommerce.com | udp |
| NL | 142.251.36.14:443 | www.googlecommerce.com | tcp |
| NL | 142.251.36.14:443 | www.googlecommerce.com | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.250.179.170:443 | safebrowsing.googleapis.com | tcp |
| US | 188.114.96.0:443 | tcp | |
| US | 188.114.96.0:443 | downloadfreecracks.com | tcp |
| NL | 142.251.36.42:443 | udp | |
| NL | 142.251.36.42:443 | tcp | |
| US | 142.250.102.157:443 | udp | |
| US | 142.250.102.157:443 | tcp | |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 188.114.97.3:80 | free3pc.site | tcp |
| US | 188.114.97.3:80 | tcp | |
| US | 188.114.97.3:443 | free3pc.site | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.251.36.14:443 | www.googlecommerce.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.250.179.163:443 | update.googleapis.com | tcp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| NL | 142.250.179.163:443 | udp | |
| US | 188.114.97.3:80 | tcp | |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.251.36.14:443 | www.googlecommerce.com | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | udp |
Files