Malware Analysis Report

2024-10-18 21:40

Sample ID 240612-npg6bsshne
Target fg2.th
SHA256 2363609a04549c29326c9e97b8d90a4483b800d3af84e87c23e56be260207271
Tags
persistence ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2363609a04549c29326c9e97b8d90a4483b800d3af84e87c23e56be260207271

Threat Level: Known bad

The file fg2.th was found to be: Known bad.

Malicious Activity Summary

persistence ransomware

Modifies WinLogon for persistence

Modifies AppInit DLL entries

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Drops startup file

Drops desktop.ini file(s)

Adds Run key to start application

Sets desktop wallpaper using registry

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Creates scheduled task(s)

Uses Task Scheduler COM API

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies Control Panel

Opens file in notepad (likely ransom note)

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 11:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 11:34

Reported

2024-06-12 11:41

Platform

win10v2004-20240611-en

Max time kernel

406s

Max time network

407s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\fg2.th

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\System32\\userinit.exe,C:\\Program Files\\Visual c++2020.exe" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A

Downloads MZ/PE file

Modifies AppInit DLL entries

persistence

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\RNQ auto.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Rnq\svhost.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe C:\Users\Admin\Downloads\Rnq\svhost.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\System32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\wbem\WmiApSrv.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\System32\NOTEPAD.EXE N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\AUDIODG.EXE N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\magiskhid = "C:\\Users\\Admin\\Downloads\\Rnq\\magiskhid.exe" C:\Windows\system32\reg.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp4A0B.tmp.jpg" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Visual c++2020.exe C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
File opened for modification C:\Program Files\Visual c++2020.exe C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\setuperr.log C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
File opened for modification C:\Windows\system.ini C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
File opened for modification C:\Windows\WMSysPr9.prx C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
File opened for modification C:\Windows\Professional.xml C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
File opened for modification C:\Windows\PFRO.log C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
File opened for modification C:\Windows\win.ini C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
File created C:\Windows\Рыгалка.exe C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
File opened for modification C:\Windows\lsasetup.log C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
File opened for modification C:\Windows\bootstat.dat C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
File opened for modification C:\Windows\WindowsShell.Manifest C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
File opened for modification C:\Windows\WindowsUpdate.log C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
File created C:\Windows\xdwd.dll C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
File opened for modification C:\Windows\mib.bin C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
File opened for modification C:\Windows\setupact.log C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
File opened for modification C:\Windows\DtcInstall.log C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\Desktop\WallpaperStyle = "2" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\Desktop\TileWallpaper = "0" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00 C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\ C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\ C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00 C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00 C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\ C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00 C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\ C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00 C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\ C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\ C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00 C:\Windows\Рыгалка.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM C:\Windows\Рыгалка.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings C:\Users\Admin\Downloads\Rnq\svhost.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\NOTEPAD.EXE N/A
N/A N/A C:\Windows\System32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\System32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Windows\System32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\System32\NOTEPAD.EXE N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3616 wrote to memory of 1788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3616 wrote to memory of 1888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\fg2.th

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcccf6ab58,0x7ffcccf6ab68,0x7ffcccf6ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4392 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4732 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4304 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3456 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2924 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4892 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2484 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2640 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5024 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5128 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5352 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5328 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4136 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5500 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5572 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2668 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\RNQ auto.exe

"C:\Users\Admin\Downloads\RNQ auto.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4412 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:2

C:\Users\Admin\Downloads\Rnq\svhost.exe

"C:\Users\Admin\Downloads\Rnq\svhost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Rnq\hid.bat" "

C:\Windows\system32\reg.exe

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /V "magiskhid" /t REG_SZ /F /D "C:\Users\Admin\Downloads\Rnq\magiskhid.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe"

C:\Windows\SysWOW64\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\hide.txt

C:\Windows\SYSTEM32\CMD.exe

"CMD" /C SchTaSKs /CrEAte /F /sc OnLoGoN /rl HighEst /tn "conhost" /tr "C:\Program Files\Visual c++2020.exe" & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /CrEAte /F /sc OnLoGoN /rl HighEst /tn "conhost" /tr "C:\Program Files\Visual c++2020.exe"

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo 5 /tn "dllhost" /tr "C:\Users\Admin\UserNit.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo 5 /tn "dllhost" /tr "C:\Users\Admin\UserNit.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\System32\NOTEPAD.EXE

"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ewar.bat

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\System32\NOTEPAD.EXE

"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ewar.bat

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcccf6ab58,0x7ffcccf6ab68,0x7ffcccf6ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3612 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:8

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:8

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:8

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4284 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4840 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x524 0x504

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3476 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3196 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5096 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5220 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5572 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5708 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5260 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6116 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6032 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6292 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6468 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6492 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6680 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5456 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7132 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6360 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6416 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6616 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5112 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4996 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=2584 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7928 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7300 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8172 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7696 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8140 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7732 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4860 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7808 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7680 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7952 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=4992 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5992 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8776 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8820 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8748 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8624 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6496 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=5720 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=8120 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=5696 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=7116 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=8888 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=4996 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=2748 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=8136 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=8408 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8468 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\Рыгалка.exe

C:\Windows\Рыгалка.exe /WithTokenOf:TrustedInstaller.exe

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\Рыгалка.exe

C:\Windows\Рыгалка.exe /WithTokenOf:TrustedInstaller.exe

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\Рыгалка.exe

C:\Windows\Рыгалка.exe /WithTokenOf:TrustedInstaller.exe

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\Рыгалка.exe

C:\Windows\Рыгалка.exe /WithTokenOf:TrustedInstaller.exe

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\Рыгалка.exe

C:\Windows\Рыгалка.exe /WithTokenOf:TrustedInstaller.exe

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\Рыгалка.exe

C:\Windows\Рыгалка.exe /WithTokenOf:TrustedInstaller.exe

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcccf6ab58,0x7ffcccf6ab68,0x7ffcccf6ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1764 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1968 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4300 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:1

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3488 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4552 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:1

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4188 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3260 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:1

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5020 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:1

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5268 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:1

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5304 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:1

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Users\Admin\UserNit.exe

C:\Users\Admin\UserNit.exe

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

C:\Windows\SYSTEM32\CMD.exe

"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit

C:\Windows\system32\schtasks.exe

SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.238:443 consent.google.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 oxy.name udp
US 104.21.70.24:443 oxy.name tcp
US 104.21.70.24:443 oxy.name tcp
US 8.8.8.8:53 oxy.st udp
RU 185.178.208.137:443 oxy.st tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 contextual.media.net udp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 www.google.com udp
US 23.200.188.27:443 contextual.media.net tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 ads.themoneytizer.com udp
US 8.8.8.8:53 smatr.net udp
US 8.8.8.8:53 cdn.adlook.me udp
US 8.8.8.8:53 lg3.media.net udp
NL 88.208.46.222:443 smatr.net tcp
US 172.67.43.178:443 ads.themoneytizer.com tcp
US 172.67.43.178:443 ads.themoneytizer.com tcp
US 23.220.112.27:443 lg3.media.net tcp
US 8.8.8.8:53 yastatic.net udp
RU 193.17.93.93:443 cdn.adlook.me tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
US 8.8.8.8:53 cdn.themoneytizer.fr udp
US 8.8.8.8:53 ced.sascdn.com udp
US 8.8.8.8:53 tag.leadplace.fr udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 onetag-sys.com udp
GB 142.250.187.206:443 clients2.google.com udp
US 8.8.8.8:53 137.208.178.185.in-addr.arpa udp
US 8.8.8.8:53 24.70.21.104.in-addr.arpa udp
US 8.8.8.8:53 secure.quantserve.com udp
US 8.8.8.8:53 adtrack.adleadevent.com udp
US 8.8.8.8:53 p.cpx.to udp
US 8.8.8.8:53 ogffa.net udp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 27.188.200.23.in-addr.arpa udp
US 8.8.8.8:53 3.69.250.142.in-addr.arpa udp
US 8.8.8.8:53 222.46.208.88.in-addr.arpa udp
US 8.8.8.8:53 178.43.67.172.in-addr.arpa udp
US 8.8.8.8:53 27.112.220.23.in-addr.arpa udp
US 188.114.97.2:443 cdn.themoneytizer.fr tcp
FR 145.239.192.166:443 tag.leadplace.fr tcp
DE 51.89.9.252:443 onetag-sys.com tcp
BE 2.17.107.178:443 ced.sascdn.com tcp
US 8.8.8.8:53 system-notify.app udp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 88.208.46.222:443 ogffa.net tcp
RU 88.212.202.52:443 counter.yadro.ru tcp
IE 99.80.69.9:443 adtrack.adleadevent.com tcp
DE 91.228.74.244:443 secure.quantserve.com tcp
IE 3.255.45.104:443 p.cpx.to tcp
GB 142.250.187.206:443 clients2.google.com tcp
DE 157.90.33.121:443 system-notify.app tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 ads.adlook.me udp
RU 78.140.242.36:443 ads.adlook.me tcp
US 8.8.8.8:53 rules.quantcount.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 match.adsrvr.org udp
NL 185.89.210.46:443 ib.adnxs.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
RU 78.140.242.36:443 ads.adlook.me tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
FR 18.244.28.120:443 rules.quantcount.com tcp
US 8.8.8.8:53 uidsync.net udp
DE 23.88.8.123:443 uidsync.net tcp
US 8.8.8.8:53 pixel.quantserve.com udp
US 8.8.8.8:53 s.cpx.to udp
IE 63.34.77.99:443 s.cpx.to tcp
DE 23.88.8.123:443 uidsync.net tcp
US 8.8.8.8:53 93.93.17.193.in-addr.arpa udp
US 8.8.8.8:53 215.131.154.178.in-addr.arpa udp
US 8.8.8.8:53 2.97.114.188.in-addr.arpa udp
US 8.8.8.8:53 166.192.239.145.in-addr.arpa udp
US 8.8.8.8:53 178.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 252.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 9.69.80.99.in-addr.arpa udp
US 8.8.8.8:53 104.45.255.3.in-addr.arpa udp
US 8.8.8.8:53 244.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 52.202.212.88.in-addr.arpa udp
US 8.8.8.8:53 121.33.90.157.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.242.140.78.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 46.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 120.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 123.8.88.23.in-addr.arpa udp
US 8.8.8.8:53 99.77.34.63.in-addr.arpa udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 id5-sync.com udp
DE 162.19.138.118:443 id5-sync.com tcp
DE 162.19.138.117:443 id5-sync.com tcp
US 8.8.8.8:53 118.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 117.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
NL 88.208.46.222:443 ogffa.net tcp
US 8.8.8.8:53 download.oxy.st udp
RU 185.178.208.137:443 download.oxy.st tcp
RU 185.178.208.137:443 download.oxy.st tcp
US 8.8.8.8:53 tmzr.themoneytizer.fr udp
US 172.67.174.127:443 tmzr.themoneytizer.fr tcp
US 8.8.8.8:53 127.174.67.172.in-addr.arpa udp
US 23.220.112.27:443 lg3.media.net udp
DE 51.89.9.252:443 onetag-sys.com udp
DE 157.90.33.121:443 uidsync.net tcp
NL 185.89.210.46:443 ib.adnxs.com tcp
DE 23.88.8.123:443 uidsync.net tcp
DE 23.88.8.123:443 uidsync.net tcp
DE 162.19.138.118:443 id5-sync.com tcp
DE 162.19.138.117:443 id5-sync.com tcp
US 8.8.8.8:53 s1.oxy.st udp
US 104.21.234.182:443 s1.oxy.st tcp
US 8.8.8.8:53 182.234.21.104.in-addr.arpa udp
US 8.8.8.8:53 lexicon.33across.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 162.19.138.118:443 id5-sync.com tcp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 ww1097.smartadserver.com udp
US 35.244.193.51:443 lexicon.33across.com tcp
IE 54.72.245.162:443 id.crwdcntrl.net tcp
FR 91.134.110.129:443 ww1097.smartadserver.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 162.19.138.117:443 id5-sync.com tcp
FR 91.134.110.129:443 ww1097.smartadserver.com tcp
DE 162.19.138.118:443 id5-sync.com tcp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 162.245.72.54.in-addr.arpa udp
US 8.8.8.8:53 129.110.134.91.in-addr.arpa udp
FR 91.134.110.129:443 ww1097.smartadserver.com tcp
FR 91.134.110.129:443 ww1097.smartadserver.com tcp
US 8.8.8.8:53 river-visible.gl.at.ply.gg udp
US 147.185.221.20:18651 river-visible.gl.at.ply.gg tcp
US 8.8.8.8:53 20.221.185.147.in-addr.arpa udp
US 147.185.221.20:18651 river-visible.gl.at.ply.gg tcp
US 147.185.221.20:18651 river-visible.gl.at.ply.gg tcp
US 147.185.221.20:18651 river-visible.gl.at.ply.gg tcp
US 147.185.221.20:18651 river-visible.gl.at.ply.gg tcp
US 147.185.221.20:18651 river-visible.gl.at.ply.gg tcp
US 147.185.221.20:18651 river-visible.gl.at.ply.gg tcp
US 8.8.8.8:53 cxcs.microsoft.net udp
NL 23.218.70.53:443 cxcs.microsoft.net tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 53.70.218.23.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 172.217.169.46:443 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
GB 142.250.187.206:443 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 id.google.com udp
GB 216.58.204.67:443 id.google.com tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 2.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 en.taiwebs.com udp
US 104.21.87.138:443 en.taiwebs.com tcp
US 104.21.87.138:443 en.taiwebs.com tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 taiwebs.com udp
US 104.21.87.138:443 en.taiwebs.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 188.114.96.2:443 taiwebs.com tcp
US 188.114.96.2:443 taiwebs.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 services.vlitag.com udp
US 188.114.96.2:443 taiwebs.com udp
US 172.67.21.227:443 services.vlitag.com tcp
US 8.8.8.8:53 138.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 207.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 2.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
GB 142.250.200.10:443 content-autofill.googleapis.com udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 172.67.21.227:443 services.vlitag.com udp
US 8.8.8.8:53 cmp.inmobi.com udp
US 8.8.8.8:53 s3.vlitag.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 imasdk.googleapis.com udp
FR 52.222.149.104:443 cmp.inmobi.com tcp
GB 142.250.200.10:443 imasdk.googleapis.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 227.21.67.172.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 104.149.222.52.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
FR 52.222.149.104:443 cmp.inmobi.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 px.vliplatform.com udp
US 104.22.58.199:443 s3.vlitag.com udp
DE 141.101.120.11:443 px.vliplatform.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 172.67.21.227:443 s3.vlitag.com udp
US 8.8.8.8:53 api.cmp.inmobi.com udp
DE 18.157.128.118:443 api.cmp.inmobi.com tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 prebid-eu.creativecdn.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 useast.quantumdex.io udp
US 8.8.8.8:53 script.4dex.io udp
DE 141.101.120.11:443 px.vliplatform.com udp
NL 145.40.97.66:443 prebid.a-mo.net tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
US 8.8.8.8:53 pbjs.e-planning.net udp
NL 145.40.97.66:443 prebid.a-mo.net tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
US 172.67.42.201:443 useast.quantumdex.io tcp
US 172.67.42.201:443 useast.quantumdex.io tcp
US 172.67.42.201:443 useast.quantumdex.io tcp
US 172.67.42.201:443 useast.quantumdex.io tcp
US 104.26.8.169:443 script.4dex.io tcp
NL 193.3.178.4:443 pbjs.e-planning.net tcp
NL 193.3.178.4:443 pbjs.e-planning.net tcp
NL 193.3.178.4:443 pbjs.e-planning.net tcp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 cadmus.script.ac udp
US 104.18.22.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 199.58.22.104.in-addr.arpa udp
US 8.8.8.8:53 11.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 118.128.157.18.in-addr.arpa udp
US 8.8.8.8:53 66.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 201.42.67.172.in-addr.arpa udp
US 8.8.8.8:53 169.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 4.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 145.22.18.104.in-addr.arpa udp
US 172.67.42.201:443 useast.quantumdex.io udp
US 8.8.8.8:53 dsp.vlitag.com udp
US 8.8.8.8:53 adsystem.pocpoc.io udp
US 8.8.8.8:53 px.pocpoc.io udp
US 172.67.75.64:443 px.pocpoc.io tcp
US 172.67.75.64:443 px.pocpoc.io tcp
US 172.67.75.64:443 px.pocpoc.io tcp
US 172.67.75.64:443 px.pocpoc.io tcp
US 172.67.75.64:443 px.pocpoc.io tcp
US 172.67.75.64:443 px.pocpoc.io tcp
US 104.26.14.167:443 px.pocpoc.io tcp
US 104.26.14.167:443 px.pocpoc.io tcp
US 104.26.14.167:443 px.pocpoc.io tcp
US 104.26.14.167:443 px.pocpoc.io tcp
US 104.26.14.167:443 px.pocpoc.io tcp
US 104.26.14.167:443 px.pocpoc.io tcp
US 8.8.8.8:53 static.vliplatform.com udp
US 8.8.8.8:53 odb.outbrain.com udp
FR 199.232.170.132:443 odb.outbrain.com tcp
FR 199.232.170.132:443 odb.outbrain.com tcp
FR 199.232.170.132:443 odb.outbrain.com tcp
FR 199.232.170.132:443 odb.outbrain.com tcp
FR 199.232.170.132:443 odb.outbrain.com tcp
FR 199.232.170.132:443 odb.outbrain.com tcp
FR 199.232.170.132:443 odb.outbrain.com tcp
US 8.8.8.8:53 64.75.67.172.in-addr.arpa udp
US 8.8.8.8:53 167.14.26.104.in-addr.arpa udp
US 8.8.8.8:53 widgets.outbrain.com udp
US 8.8.8.8:53 images.outbrainimg.com udp
US 23.53.113.140:443 widgets.outbrain.com tcp
US 23.53.113.140:443 widgets.outbrain.com tcp
US 23.220.113.254:443 images.outbrainimg.com tcp
US 23.220.113.254:443 images.outbrainimg.com tcp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 log.outbrainimg.com udp
US 8.8.8.8:53 mcdp-chidc2.outbrain.com udp
NL 178.250.1.3:443 static.criteo.net tcp
US 64.74.236.95:443 mcdp-chidc2.outbrain.com tcp
US 64.74.236.95:443 mcdp-chidc2.outbrain.com tcp
US 64.74.236.95:443 mcdp-chidc2.outbrain.com tcp
US 50.31.142.127:443 log.outbrainimg.com tcp
US 50.31.142.127:443 log.outbrainimg.com tcp
US 50.31.142.127:443 log.outbrainimg.com tcp
DE 51.89.9.252:443 onetag-sys.com tcp
US 8.8.8.8:53 prg-apac.smartadserver.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 132.170.232.199.in-addr.arpa udp
US 8.8.8.8:53 140.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 254.113.220.23.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 95.236.74.64.in-addr.arpa udp
US 8.8.8.8:53 127.142.31.50.in-addr.arpa udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
FR 5.196.111.65:443 prg-apac.smartadserver.com tcp
FR 5.196.111.65:443 prg-apac.smartadserver.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 65.111.196.5.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 162.19.138.118:443 id5-sync.com tcp
US 8.8.8.8:53 id.a-mx.com udp
NL 79.127.227.46:443 id.a-mx.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 sync.quantumdex.io udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 pxl.iqm.com udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 70.42.32.159:443 b1sync.zemanta.com tcp
FR 5.196.111.73:443 rtb-csync.smartadserver.com tcp
US 3.229.202.201:443 pxl.iqm.com tcp
FR 18.164.52.25:443 s.ad.smaato.net tcp
DE 162.19.138.117:443 id5-sync.com tcp
US 8.8.8.8:53 c3.a-mo.net udp
DE 79.127.216.47:443 c3.a-mo.net tcp
US 8.8.8.8:53 match.sharethrough.com udp
FR 5.196.111.73:443 rtb-csync.smartadserver.com tcp
DE 18.194.142.248:443 match.sharethrough.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 br0wsers.com udp
US 104.21.75.28:443 br0wsers.com tcp
US 104.21.75.28:443 br0wsers.com tcp
US 8.8.8.8:53 ssp.disqus.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
NL 185.89.210.46:443 ib.adnxs.com tcp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 35.175.159.193:443 ssp.disqus.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 74.121.140.211:443 sync.mathtag.com tcp
US 8.8.8.8:53 image8.pubmatic.com udp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 154.57.158.115:443 ads.stickyadstv.com tcp
US 8.8.8.8:53 sync.adkernel.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
FR 51.178.195.213:443 ssbsync-global.smartadserver.com tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
US 172.67.40.173:443 spl.zeotap.com tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
NL 77.245.57.72:443 sync.adkernel.com tcp
US 52.46.130.91:443 s.amazon-adsystem.com tcp
DE 18.192.161.231:443 rtb.mfadsrvr.com tcp
GB 172.217.169.2:443 cm.g.doubleclick.net tcp
GB 172.217.169.2:443 cm.g.doubleclick.net tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 73.111.196.5.in-addr.arpa udp
US 8.8.8.8:53 25.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 159.32.42.70.in-addr.arpa udp
US 8.8.8.8:53 201.202.229.3.in-addr.arpa udp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 248.142.194.18.in-addr.arpa udp
US 8.8.8.8:53 28.75.21.104.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 115.158.57.154.in-addr.arpa udp
US 80.77.87.163:443 cs.admanmedia.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 23.53.112.234:443 ads.pubmatic.com tcp
US 8.8.8.8:53 sync.1rx.io udp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 77.245.57.72:443 sync.adkernel.com tcp
NL 77.245.57.72:443 sync.adkernel.com tcp
NL 77.245.57.72:443 sync.adkernel.com tcp
GB 172.217.169.2:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 3.228.191.36:443 cs-server-s2s.yellowblue.io tcp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 img.softwaresblue.com udp
US 104.21.75.28:443 br0wsers.com udp
US 172.67.155.52:443 img.softwaresblue.com tcp
US 172.67.155.52:443 img.softwaresblue.com tcp
US 172.67.155.52:443 img.softwaresblue.com tcp
US 8.8.8.8:53 ads.betweendigital.com udp
NL 188.42.191.196:443 ads.betweendigital.com tcp
US 172.67.155.52:443 img.softwaresblue.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 213.195.178.51.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 173.40.67.172.in-addr.arpa udp
US 8.8.8.8:53 193.159.175.35.in-addr.arpa udp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 211.140.121.74.in-addr.arpa udp
US 8.8.8.8:53 72.57.245.77.in-addr.arpa udp
US 8.8.8.8:53 231.161.192.18.in-addr.arpa udp
US 8.8.8.8:53 2.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 91.130.46.52.in-addr.arpa udp
US 8.8.8.8:53 234.112.53.23.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 36.191.228.3.in-addr.arpa udp
US 8.8.8.8:53 52.155.67.172.in-addr.arpa udp
US 8.8.8.8:53 196.191.42.188.in-addr.arpa udp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
GB 142.250.200.10:443 imasdk.googleapis.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 3.165.118.121:443 c.amazon-adsystem.com tcp
US 147.185.221.20:18651 river-visible.gl.at.ply.gg tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 3.165.118.121:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 151.101.1.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
FR 52.84.174.60:443 config.aps.amazon-adsystem.com tcp
FR 3.162.36.191:443 aax.amazon-adsystem.com tcp
FR 3.162.36.191:443 aax.amazon-adsystem.com tcp
FR 3.162.36.191:443 aax.amazon-adsystem.com tcp
FR 3.162.36.191:443 aax.amazon-adsystem.com tcp
FR 3.162.36.191:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 163.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 121.118.165.3.in-addr.arpa udp
US 8.8.8.8:53 60.174.84.52.in-addr.arpa udp
US 8.8.8.8:53 191.36.162.3.in-addr.arpa udp
US 8.8.8.8:53 eb2.3lift.com udp
US 76.223.111.18:443 eb2.3lift.com tcp
US 8.8.8.8:53 eexsync.com udp
US 80.77.87.108:443 eexsync.com tcp
US 8.8.8.8:53 ap.lijit.com udp
IE 3.248.69.24:443 ap.lijit.com tcp
US 8.8.8.8:53 i.liadm.com udp
US 8.8.8.8:53 image2.pubmatic.com udp
US 44.195.167.64:443 i.liadm.com tcp
GB 185.64.191.210:443 image2.pubmatic.com tcp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 vid.vidoomy.com udp
GB 195.181.164.15:443 vid.vidoomy.com tcp
US 8.8.8.8:53 cache.betweendigital.com udp
US 8.8.8.8:53 crt.sectigo.com udp
DE 151.236.118.146:443 cache.betweendigital.com tcp
US 172.64.149.23:80 crt.sectigo.com tcp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 108.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 24.69.248.3.in-addr.arpa udp
US 8.8.8.8:53 210.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 64.167.195.44.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 8.8.8.8:53 15.164.181.195.in-addr.arpa udp
US 8.8.8.8:53 image6.pubmatic.com udp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 147.185.221.20:18651 river-visible.gl.at.ply.gg tcp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 8.8.8.8:53 dis.criteo.com udp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 sync.bumlam.com udp
IE 67.220.224.150:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 p.rfihub.com udp
DE 31.172.81.147:443 sync.bumlam.com tcp
NL 193.0.160.131:443 p.rfihub.com tcp
US 8.8.8.8:53 simage2.pubmatic.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
US 8.8.8.8:53 cms.quantserve.com udp
DE 91.228.74.159:443 cms.quantserve.com tcp
US 8.8.8.8:53 sync.crwdcntrl.net udp
IE 52.48.212.10:443 sync.crwdcntrl.net tcp
IE 52.48.212.10:443 sync.crwdcntrl.net tcp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
IE 63.32.137.205:443 pr-bh.ybp.yahoo.com tcp
US 8.8.8.8:53 x01.aidata.io udp
RU 89.108.119.43:443 x01.aidata.io tcp
US 8.8.8.8:53 sync.adotmob.com udp
US 8.8.8.8:53 cm.smadex.com udp
US 8.8.8.8:53 cr.frontend.weborama.fr udp
US 8.8.8.8:53 pixel.tapad.com udp
FR 45.137.176.88:443 sync.adotmob.com tcp
FR 52.84.174.95:443 cm.smadex.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
US 34.111.113.62:443 pixel.tapad.com tcp
US 8.8.8.8:53 146.118.236.151.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 78.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 147.81.172.31.in-addr.arpa udp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 159.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 10.212.48.52.in-addr.arpa udp
US 8.8.8.8:53 205.137.32.63.in-addr.arpa udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 54.159.1.74:443 sync.srv.stackadapt.com tcp
US 54.159.1.74:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 mwzeom.zeotap.com udp
US 34.111.129.221:443 cr.frontend.weborama.fr udp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 an.yandex.ru udp
NL 35.214.198.101:443 csync.loopme.me tcp
RU 213.180.193.90:443 an.yandex.ru tcp
US 8.8.8.8:53 um.simpli.fi udp
NL 35.204.74.118:443 um.simpli.fi tcp
US 8.8.8.8:53 c1.adform.net udp
US 8.8.8.8:53 yandex.ru udp
RU 77.88.55.88:443 yandex.ru tcp
DK 37.157.4.28:443 c1.adform.net tcp
US 8.8.8.8:53 image4.pubmatic.com udp
GB 185.64.190.81:443 image4.pubmatic.com tcp
US 8.8.8.8:53 43.119.108.89.in-addr.arpa udp
US 8.8.8.8:53 88.176.137.45.in-addr.arpa udp
US 8.8.8.8:53 95.174.84.52.in-addr.arpa udp
US 8.8.8.8:53 221.129.111.34.in-addr.arpa udp
US 8.8.8.8:53 62.113.111.34.in-addr.arpa udp
US 8.8.8.8:53 74.1.159.54.in-addr.arpa udp
US 8.8.8.8:53 101.198.214.35.in-addr.arpa udp
US 8.8.8.8:53 90.193.180.213.in-addr.arpa udp
US 8.8.8.8:53 118.74.204.35.in-addr.arpa udp
US 8.8.8.8:53 28.4.157.37.in-addr.arpa udp
US 8.8.8.8:53 88.55.88.77.in-addr.arpa udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
NL 23.38.25.148:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
BE 23.55.98.169:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 simage4.pubmatic.com udp
NL 198.47.127.20:443 simage4.pubmatic.com tcp
US 8.8.8.8:53 www.tns-counter.ru udp
RU 194.226.130.226:443 www.tns-counter.ru tcp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 8.8.8.8:53 81.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 148.25.38.23.in-addr.arpa udp
US 8.8.8.8:53 169.98.55.23.in-addr.arpa udp
US 8.8.8.8:53 20.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 226.130.226.194.in-addr.arpa udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 52.46.130.91:443 s.amazon-adsystem.com tcp
US 52.46.130.91:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 match.prod.bidr.io udp
IE 34.253.242.146:443 match.prod.bidr.io tcp
US 8.8.8.8:53 live.primis.tech udp
FR 52.222.201.106:443 live.primis.tech tcp
US 8.8.8.8:53 dsp.nrich.ai udp
FR 51.68.39.188:443 dsp.nrich.ai tcp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
DE 85.114.159.118:443 dsp.adfarm1.adition.com tcp
US 8.8.8.8:53 146.242.253.34.in-addr.arpa udp
US 8.8.8.8:53 106.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 188.39.68.51.in-addr.arpa udp
US 8.8.8.8:53 118.159.114.85.in-addr.arpa udp
US 8.8.8.8:53 ad.mrtnsvr.com udp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 8.8.8.8:53 uipglob.semasio.net udp
US 8.8.8.8:53 pixel.onaudience.com udp
DK 77.243.51.121:443 uipglob.semasio.net tcp
FR 141.94.170.77:443 pixel.onaudience.com tcp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 capi.connatix.com udp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 172.64.146.152:443 capi.connatix.com tcp
US 8.8.8.8:53 sync.ipredictive.com udp
US 8.8.8.8:53 creativecdn.com udp
US 54.147.46.253:443 sync.ipredictive.com tcp
US 8.8.8.8:53 pubmatic-match.dotomi.com udp
NL 89.207.16.204:443 pubmatic-match.dotomi.com tcp
US 8.8.8.8:53 6.163.102.34.in-addr.arpa udp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 77.170.94.141.in-addr.arpa udp
US 8.8.8.8:53 121.51.243.77.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 152.146.64.172.in-addr.arpa udp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 targeting.unrulymedia.com udp
US 8.8.8.8:53 hb.aralego.com udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 104.18.34.178:443 mp.4dex.io tcp
US 104.18.34.178:443 mp.4dex.io tcp
US 104.18.34.178:443 mp.4dex.io tcp
US 192.96.203.13:443 hb.aralego.com tcp
US 192.96.203.13:443 hb.aralego.com tcp
US 8.8.8.8:53 253.46.147.54.in-addr.arpa udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 204.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 178.34.18.104.in-addr.arpa udp
US 8.8.8.8:53 115.174.228.46.in-addr.arpa udp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 192.96.203.13:443 hb.aralego.com tcp
US 192.96.203.13:443 hb.aralego.com tcp
US 192.96.203.13:443 hb.aralego.com tcp
US 8.8.8.8:53 s0.2mdn.net udp
GB 216.58.204.70:443 s0.2mdn.net tcp
US 192.96.203.13:443 hb.aralego.com tcp
US 192.96.203.13:443 hb.aralego.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 csi.gstatic.com udp
US 8.8.8.8:53 quantumsyndication.com udp
US 216.239.32.3:443 csi.gstatic.com tcp
US 8.8.8.8:53 13.203.96.192.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 70.204.58.216.in-addr.arpa udp
US 104.26.7.132:443 quantumsyndication.com tcp
US 8.8.8.8:53 pbc.vliplatform.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 172.67.75.64:443 px.pocpoc.io udp
US 104.26.14.167:443 px.pocpoc.io udp
US 216.239.32.3:443 csi.gstatic.com udp
US 8.8.8.8:53 bid.g.doubleclick.net udp
BE 66.102.1.156:443 bid.g.doubleclick.net tcp
US 8.8.8.8:53 ssp-ads.nl3.eu.criteo.com udp
NL 178.250.1.46:443 ssp-ads.nl3.eu.criteo.com tcp
US 8.8.8.8:53 3.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 132.7.26.104.in-addr.arpa udp
US 8.8.8.8:53 156.1.102.66.in-addr.arpa udp
US 8.8.8.8:53 gcdn.2mdn.net udp
GB 142.250.178.14:443 gcdn.2mdn.net tcp
BE 66.102.1.156:443 bid.g.doubleclick.net udp
US 8.8.8.8:53 r3---sn-aigl6n6s.c.2mdn.net udp
GB 173.194.3.72:443 r3---sn-aigl6n6s.c.2mdn.net tcp
US 50.31.142.127:443 log.outbrainimg.com tcp
US 64.74.236.95:443 mcdp-chidc2.outbrain.com tcp
GB 142.250.178.14:443 gcdn.2mdn.net udp
US 8.8.8.8:53 r4---sn-aigl6nsd.c.2mdn.net udp
GB 74.125.105.41:443 r4---sn-aigl6nsd.c.2mdn.net tcp
US 104.26.7.132:443 quantumsyndication.com udp
US 8.8.8.8:53 ghent-gce-sc.bidswitch.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 46.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 72.3.194.173.in-addr.arpa udp
US 8.8.8.8:53 41.105.125.74.in-addr.arpa udp
NL 35.214.198.101:443 csync.loopme.me tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 79.127.227.46:443 c3.a-mo.net tcp
US 8.8.8.8:53 cdn.aralego.net udp
US 8.8.8.8:53 cat.nl3.eu.criteo.com udp
US 35.211.200.231:443 ghent-gce-sc.bidswitch.net tcp
US 8.8.8.8:53 media.grid.bidswitch.net udp
US 104.26.5.103:443 cdn.aralego.net tcp
US 35.211.200.231:443 ghent-gce-sc.bidswitch.net tcp
US 8.8.8.8:53 grid-mercury.criteo.com udp
US 8.8.8.8:53 stags.bluekai.com udp
GB 142.250.200.2:443 ade.googlesyndication.com tcp
GB 142.250.200.2:443 ade.googlesyndication.com tcp
GB 142.250.200.2:443 ade.googlesyndication.com tcp
GB 142.250.200.2:443 ade.googlesyndication.com tcp
GB 216.58.212.194:443 googleads4.g.doubleclick.net tcp
GB 216.58.212.194:443 googleads4.g.doubleclick.net tcp
NL 178.250.1.39:443 grid-mercury.criteo.com tcp
NL 178.250.1.6:443 cat.nl3.eu.criteo.com tcp
BE 23.55.96.210:443 stags.bluekai.com tcp
NL 35.214.200.194:443 media.grid.bidswitch.net tcp
NL 35.214.200.194:443 media.grid.bidswitch.net tcp
US 8.8.8.8:53 adx.g.doubleclick.net udp
US 8.8.8.8:53 103.5.26.104.in-addr.arpa udp
US 8.8.8.8:53 194.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 231.200.211.35.in-addr.arpa udp
US 8.8.8.8:53 39.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 6.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 210.96.55.23.in-addr.arpa udp
US 8.8.8.8:53 194.200.214.35.in-addr.arpa udp
US 8.8.8.8:53 sync.aralego.com udp
US 162.210.196.208:443 sync.aralego.com tcp
US 8.8.8.8:53 assets.a-mo.net udp
US 104.19.158.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
FR 178.32.210.231:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 208.196.210.162.in-addr.arpa udp
US 8.8.8.8:53 19.158.19.104.in-addr.arpa udp
US 8.8.8.8:53 231.210.32.178.in-addr.arpa udp
US 8.8.8.8:53 pulsepoint-match.dotomi.com udp
US 8.8.8.8:53 amazon-tam-match.dotomi.com udp
NL 89.207.16.137:443 pulsepoint-match.dotomi.com tcp
NL 63.215.202.140:443 amazon-tam-match.dotomi.com tcp
IE 67.220.224.150:443 aax-eu.amazon-adsystem.com tcp
GB 142.250.200.2:443 ade.googlesyndication.com udp
US 8.8.8.8:53 137.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 140.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 ghent-gce-nl.bidswitch.net udp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 ssum.casalemedia.com udp
US 35.186.253.211:443 rtb.openx.net tcp
NL 35.214.230.116:443 ghent-gce-nl.bidswitch.net tcp
US 8.8.8.8:53 ad.turn.com udp
US 8.8.8.8:53 pb-am.a-mo.net udp
NL 147.75.84.158:443 pb-am.a-mo.net tcp
DK 37.157.6.232:443 cm.adform.net tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 8.8.8.8:53 sync.a-mo.net udp
US 35.186.253.211:443 rtb.openx.net udp
NL 145.40.97.66:443 sync.a-mo.net tcp
NL 145.40.97.66:443 sync.a-mo.net tcp
NL 145.40.97.66:443 sync.a-mo.net tcp
NL 145.40.97.66:443 sync.a-mo.net tcp
NL 145.40.97.66:443 sync.a-mo.net tcp
NL 145.40.97.66:443 sync.a-mo.net tcp
US 8.8.8.8:53 match.adsby.bidtheatre.com udp
NL 64.227.64.62:443 match.adsby.bidtheatre.com tcp
US 8.8.8.8:53 211.253.186.35.in-addr.arpa udp
US 8.8.8.8:53 116.230.214.35.in-addr.arpa udp
US 8.8.8.8:53 158.84.75.147.in-addr.arpa udp
US 8.8.8.8:53 232.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 62.64.227.64.in-addr.arpa udp
US 8.8.8.8:53 id.rtb.mx udp
US 8.8.8.8:53 ow.pubmatic.com udp
DE 79.127.216.47:443 id.rtb.mx tcp
NL 35.214.230.116:443 ghent-gce-nl.bidswitch.net tcp
NL 185.64.189.116:443 ow.pubmatic.com tcp
GB 216.58.212.194:443 googleads4.g.doubleclick.net udp
GB 216.58.204.70:443 s0.2mdn.net udp
US 8.8.8.8:53 116.189.64.185.in-addr.arpa udp
GB 89.187.167.7:443 vpaid.vidoomy.com tcp
US 8.8.8.8:53 sonata-notifications.taptapnetworks.com udp
US 8.8.8.8:53 a.vidoomy.com udp
DE 52.28.34.225:443 sonata-notifications.taptapnetworks.com tcp
ES 212.36.83.245:443 a.vidoomy.com tcp
ES 212.36.83.245:443 a.vidoomy.com tcp
US 8.8.8.8:53 7.167.187.89.in-addr.arpa udp
US 8.8.8.8:53 245.83.36.212.in-addr.arpa udp
US 8.8.8.8:53 free.webcompanion.com udp
US 45.63.66.114:443 free.webcompanion.com tcp
US 45.63.66.114:443 free.webcompanion.com tcp
US 147.185.221.20:18651 river-visible.gl.at.ply.gg tcp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
US 45.63.66.114:443 free.webcompanion.com tcp
US 45.63.66.114:443 free.webcompanion.com tcp
US 45.63.66.114:443 free.webcompanion.com tcp
US 8.8.8.8:53 114.66.63.45.in-addr.arpa udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 52.177.19.104.in-addr.arpa udp
US 45.63.66.114:443 free.webcompanion.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.64:443 www.clarity.ms tcp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 c.clarity.ms udp
US 8.8.8.8:53 x.clarity.ms udp
IE 68.219.88.97:443 c.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
US 8.8.8.8:53 c.bing.com udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 204.79.197.237:443 c.bing.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
GB 142.250.200.10:443 imasdk.googleapis.com udp
US 8.8.8.8:53 97.88.219.68.in-addr.arpa udp
US 8.8.8.8:53 119.190.114.20.in-addr.arpa udp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 157.71.125.74.in-addr.arpa udp
NL 35.214.198.101:443 csync.loopme.me tcp
US 8.8.8.8:53 d5p.de17a.com udp
SE 213.155.156.182:443 d5p.de17a.com tcp
US 8.8.8.8:53 cm-supply-web.gammaplatform.com udp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
US 8.8.8.8:53 core.iprom.net udp
SI 195.5.165.20:443 core.iprom.net tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 8.8.8.8:53 green.erne.co udp
FR 141.94.242.204:443 green.erne.co tcp
US 8.8.8.8:53 182.156.155.213.in-addr.arpa udp
US 8.8.8.8:53 173.193.186.35.in-addr.arpa udp
US 8.8.8.8:53 20.165.5.195.in-addr.arpa udp
US 8.8.8.8:53 cm.adgrx.com udp
IE 54.217.19.5:443 cm.adgrx.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 pixel-eu.onaudience.com udp
US 8.8.8.8:53 a.tribalfusion.com udp
FR 141.94.171.216:443 pixel-eu.onaudience.com tcp
US 104.18.24.173:443 a.tribalfusion.com tcp
US 8.8.8.8:53 ps.eyeota.net udp
NL 46.228.174.117:443 sync.1rx.io tcp
DE 3.122.214.165:443 ps.eyeota.net tcp
US 8.8.8.8:53 s.tribalfusion.com udp
NL 46.228.164.11:443 ad.turn.com tcp
US 8.8.8.8:53 sync.targeting.unrulymedia.com udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 204.242.94.141.in-addr.arpa udp
US 8.8.8.8:53 5.19.217.54.in-addr.arpa udp
US 8.8.8.8:53 216.171.94.141.in-addr.arpa udp
US 8.8.8.8:53 173.24.18.104.in-addr.arpa udp
US 8.8.8.8:53 165.214.122.3.in-addr.arpa udp
US 8.8.8.8:53 privacyportal-eu.onetrust.com udp
US 104.18.32.137:443 privacyportal-eu.onetrust.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 216.58.204.67:443 id.google.com udp
US 104.21.87.138:443 en.taiwebs.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.180.14:443 encrypted-tbn2.gstatic.com tcp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com udp
US 188.114.96.2:443 taiwebs.com udp
US 104.21.87.138:443 en.taiwebs.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
US 8.8.8.8:53 services.vlitag.com udp
US 172.67.21.227:445 services.vlitag.com tcp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com udp
GB 142.250.179.226:443 adx.g.doubleclick.net udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 104.22.59.199:445 services.vlitag.com tcp
US 104.22.58.199:445 services.vlitag.com tcp
US 172.67.21.227:139 services.vlitag.com tcp
US 104.21.75.28:443 br0wsers.com udp
US 172.67.155.52:443 img.softwaresblue.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
GB 142.250.179.226:443 adx.g.doubleclick.net udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 142.250.179.226:443 adx.g.doubleclick.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp

Files

\??\pipe\crashpad_3616_RWKMMPLOGFPGDNKK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 22f766927df8106abe4cbfbbb3dad9a9
SHA1 8fbea63a5b8711a96cac89865cd7dbac7b7ebd5c
SHA256 8ca020d022304a022b467b7906b599e21ae349a9353f2c465ab1042fed634d60
SHA512 413d3af0d2a475f464170ea54a9530ca75d16d00b78d5be50b01a1dc4062a7b7ca8c9ea210da7187b8c210ab67e32e3e3ed48f07100fe91b0bc8f6f686129a1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 316676234c93b29e5fc30dbf44cf1cab
SHA1 2373d2e24a2ab881d56e52227d99316d9d435b94
SHA256 6736c7c9daa689507fd36e2c6d92fa2e75cfdbea0f2c4738c646a998d2093598
SHA512 f3f26df532e932b38142097616ee81425cfe4e6b6739bc59707f5a879508f0e1c6d0d5420664507ab460074327983878b5b12614f0cae0d3546b126e5bb9f268

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d0d602eaeecbe90b35d7f53b0d692303
SHA1 9ce27388d1720ef372e261dd1f6e801c826aaa95
SHA256 35c39cd5dc4878201a75510ea391d18ae2c4ee9b2cb34b33c90e9554f47cf4ba
SHA512 916c9caaacccf8e65d1187a3e1ca132abe162cd9c406f39fd7976b03b6c083ad3dacd4cfecfbb1721f37543b283970dba47088a4c21cfd6fe99bfcf6e6fa6373

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 3904cece7ecc561b5c436743b410caae
SHA1 aacbca00d946004805b034ec619e88c0337578a7
SHA256 49b90b6147a88e47c63df999b4f636b31f2aa91286cfa5c544e120437b554ee5
SHA512 8b953d092370d9b5cc5f14e34e4ec52094b5b38d05c5dcf1d7b7a9e096e2c2663fc2cdb66c4b870ac711cac247113a5f21bcadf6b5abe0e740b092fb7ab920de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 73a88602c7ce25bcefc3c87e22097b5a
SHA1 a8ed11477774956f52a1b977d5f0177b8f79847a
SHA256 bbc7b7898fc4f3c7fa412533d23375f52c5f9d13a6000cfc94cc09b3f9cd7af0
SHA512 c843be9c0a43298e07a0efff8d19bb8f29e6e5116d32179070633ab054003ffc624c5fa1fa56ab8846d1089ffac38f8115fc197d8ea56c66f29c7b5275491b7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d3b224f86c1134a752b367d1e6f5a6d4
SHA1 338c50c64f5fb954b23a7a3848592fc949be8753
SHA256 0f9bb4c8608fd0cc16c0ee726582ac8b9c19ad7dde042ffeacf178882ea72ef6
SHA512 8b195b90e11517440c59546a27b8044da239a25b0b7978e22191f83b611028b9807237e89a3953787307a25952a4e6edf5f4688c7f6092298aae00647adf6da8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 55169f95ebd40c48f57c3f6c076b914e
SHA1 5579e7f02d2306bb93ad44643423451f3d01349c
SHA256 ea2f1054dee7881960e124e715d425df2c9027cefe448e67a711de2fe62ede1f
SHA512 c5d49e2fe43e2299b5bea6857af08f2ff5336996b4b488baa08aa2f6a8986cdff011900ac32a45ad84e97c6a9a392df3db0b1891072b6e4a3f2e8ef7f2645efa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e03b9322900c22f371c3ee7025ff1bf7
SHA1 cfcd8b79495ba5a9c5eb46ea970ada4930706c7d
SHA256 95e9a440030a452e8bac8062a318be4fe726a78bacfa4ab4dd478b7e7095f673
SHA512 170271bc126f08b085bb3062395ed00d52c22cbeac53cdb210818477ccc24c8790ad179817321454cd5843926e9b2934b2ddaaca6b6120109f91d0cee09cfdaa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 65bd542def6cced64edff778657b4a26
SHA1 1fcdd7952a10856c47369cc268ba63faf4339308
SHA256 728712aca2aa18678a7942f60c513c0cc492165be6eb3b2c8e8fe745f1408be1
SHA512 6b9b2cfdc7afb11149fd2e129b5ac30eaa36e5f97c015ac913bbe63ec6612fa5b512152da44043be00aa0c78693300dc7e8fd04aed4b93fb0a568008509fd955

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_download.oxy.st_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_oxy.st_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e35ce773a70247c977b06fab8cc9175c
SHA1 fde646be9f440df780859b4e0aa1b54dc76799c8
SHA256 87d818a2ca1aee176564487a5814316ca21f701889bc77bcd5e53832f38934ad
SHA512 9011e1d0f8187fba6eee8a12632de49de216af96a993874197863aedd4e795d62f92317c12325984e6542cd96700ae207fecff764c9005c65221b8d01324c216

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ec050e68a8e3deb88b71e1c5dc354f9d
SHA1 416a2017a14cc0f516a5c39915b0391104acec26
SHA256 0ebf4b217b0eaa0427704d209258cd2c69728ae4ee8f3fcc2b4ae082abbf1c26
SHA512 cfdcdc78208cc979929ea9f558d4d43345daf40ab2fdfc1748e70491d4b333130cb3ebe88d2e4cd2a097875b7260a91f18b000b8f9c22943cb567600577d7802

C:\Users\Admin\Downloads\Unconfirmed 950543.crdownload

MD5 9a53b8febfa6fe55e47a560da3a52e50
SHA1 94fc3086a06970d688c6a28c41788b4f6660b5fd
SHA256 d919a0e0808f7033cec5f5489c735650ec41034823fe5f8b380f21b195303518
SHA512 a90eabc2d2edb636b8cc3557344bb5721a83406b388ff112502ebc6ddd43d98b507f894141098120c632aaa4f55cc1b9c97fab463d415b3593887f4584100cd6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9548279ed95c13dd03213a1a87137abd
SHA1 3c866fea989e4dca86c9375c140305fd704af8de
SHA256 30da20bcb4538c67ec823d21b7317ebcb303d7c409a557d7daf68d245a6b3652
SHA512 d38d57543a2328447717910b6df977bfe941afb90172903adccf5febcdaa1514aa38c5135ff8a2b6a01a7053f87b3ae0464435f6bac585dcef05c9f1f4db7d11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a3124bd673b8a32c979dd2a6e63a7621
SHA1 46232fa53c3beb6e6c3c0c0884364277a018f718
SHA256 79df66406f65892ba3e8699bb78eccc195b3a6197ced62b4a8e9545b5c7eccde
SHA512 8480d18b50b24f820ce49321f3721709949fb0d390ef191cbe87d48eae00681e17f5765d7d75ee29ad4f675da748f3bac726b1296efd0be0bb2b9479bb162d0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e50dc1a0607f5e02455403a7a5d933ff
SHA1 ccebdaa7a574541bc76e41613f7651cdd253af0b
SHA256 7f7709578330ba825094b8435c7788a4318e7b7040df88f42ec602ed10cf9c3f
SHA512 9039636cb112b5e27199d881c323243c188b412f319ea088b7e417944cb85b47cfd67f5e6424341ed49bdc63eb61572f39ffda96c1369181be4da610d2c5c9f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f1bc2a43b317b83c2880917a4a4dafe3
SHA1 d68e35b410846c29852d54eb1e07adaa5a5e61b5
SHA256 9445f9ffc96c96e1edb034a7d96be4249ee67f6187de02c82ef16c070b083469
SHA512 4310e9c17d16f2cc6c21eef96a420868e9501b3e42491eac3f177fe5e3e099dd19f507403ac488da989aeb8449da6faf2a5f489f0cbc290ae8b0ef77431d99f8

C:\Users\Admin\Downloads\Rnq\svhost.exe

MD5 478ab7081d3c260dbdc76e5c9ff6fa03
SHA1 b8b9235ca3a9f5912139be095b9e1e455f9080a1
SHA256 886759a396b301a72e1cdf9eb0db9c4e884ea10f30b54dfc1ba2841f455156c1
SHA512 dcf49c0f339dba86cf18e4276cb471be1afdf3db253a4013df28d8ae9c557f3080e4a6c980a306ad86bbe09521281f0a651102f2dd017cd193803430ff5bc586

C:\Users\Admin\Downloads\Rnq\hid.bat

MD5 604560862301f2b4c8b3f8e028d38225
SHA1 aa6f403f5810bcb7343bf405a99e6873b5d41872
SHA256 eea2b135206044c2c3497b606d842ae457907bd5602e037cedec8ec2ecc758db
SHA512 b3d494aae0ee7ba5976f2b4bf1b576dfc2bf8d0528466314183949de8e998fb27f65e2cb2c3cc0ca752bd41d238d3df7573d2c60ada806e4db2a78978e10c771

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe

MD5 e6293458c2247ce2c122a36b00981309
SHA1 45f9dbbad3e497295d635593f2efbe416d68bd2a
SHA256 7ebc5228681441951fdecb37fbbeb6a9a060d22976220879e611c7a326dba9c5
SHA512 a28fa4445eb1247332fa950d2f20a35f5ab4e881a99a47de5ca4ec023ad402f53aa26c733f0ebd7d46eff13883ef84a2ca8e1ad1c2a05b495115bb46c02b1d90

memory/2508-439-0x0000000000AA0000-0x0000000000B46000-memory.dmp

memory/3056-441-0x0000000000400000-0x00000000004AA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 919d25203250415d33d2ed0e0af8e041
SHA1 cb68a844246b3b715f6eebd4cbb8c7064b2de0b9
SHA256 c2fa87ca225a4373ffa110c6e789dba16b59307f22e12e46734a0982bfc7b4c1
SHA512 154d6446e61ee9dd2df1399286bce40b5cc372d10066419c2de7b8763d62a0acec5f5f149771875a0541d583a717af8af84771644849cff3ef3c14fe953fc226

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5958f4.TMP

MD5 1b6998dce81c675953e0bc8abc218745
SHA1 89d07dceba48fdf13a1d369b7a4a09b5e94629b6
SHA256 deb599d211b101dd17a220270fd24c0ad2d9eb737b03a240244a3474476965cb
SHA512 250da5dcaf7a6493ca9dc1fa7e731cc39df4d6c706338310cd8c4e879da760cf5c3aea6cc399a838dc17eca94243db8962343840de85c760212f00227d7efc01

C:\Users\Admin\AppData\Local\Temp\hide.txt

MD5 c11cc052260b7d37cd04c34d417e92ee
SHA1 baa794ec18692bd4793c944348310417e3376ec5
SHA256 3b00bc9d6653107e344b22d5ce43d708b0d850295a3c12ccaa0ecc5c0217accd
SHA512 30de2ba2c15d7e03b6c88c88ac54f2521c07c2b25cf8375448c21840361fb6eafd02e9922bc5a424e1d7cb1a60a4a07221a5d6c4bca5f331f1b05f9d51de0db0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8828bbb307f0d1afd91ca67a3a104b2d
SHA1 9a722caf19b8cbc977486466984514a423be93ea
SHA256 2dbea321deee90273d95e56f6d828072d0e48772b406f79e144e9d91b4eda8db
SHA512 6925fdf943a4a672823206a984a0d375fd9509c7e1f4bb3bea66386e70442c85ac656a6ca6c61f91ceb15981e281d115600bf3933339fc366494ed5948ccfff3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0e076e93210152d3831c298c5c76baf1
SHA1 2477fff788a82ef63b615bb895554b898118e639
SHA256 a307e195715056dd1113ae0b6c33c566202161dd7fc6dabd369319c69c415daa
SHA512 bdb3b9f30c95c2a9087e75527ec0fa40c6f608c9e490bae713733adc84d21fa9fb28417818ed42d7035737bc14e74347aea3ff5a2a3a34bd72d1a7f4508408eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a8c4da0f03567f28ec3b8f5ea2fbdafb
SHA1 d98c1deab75af4239c3420c7453c8b98bf3b230a
SHA256 8d2bd1e8a84ae1c33d4304296736e9a7af48775d3d698bb03550174e5949a244
SHA512 5d44fcf5038418e053cf881dbc1e95e9b5ac5172093678a0636e61e05084e1c9445bfab58f3e40fa3611a2430ce63164db3fdb8bbc3a8be69c7f209a2c6018bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 efd2582ad2a2830187b45f3db0abcd04
SHA1 b1ea0a5974bfe583f170ae039a02036d7abd2ca0
SHA256 eaf1ee79dfbdab65bf32f0380d980d88f77eeb163287317d0bdd16d20c2d4ba7
SHA512 62decbbc0de0636c19d3f316c9aac2348021a26b01cb56dbf60796e1358db6e7d0a3d0cda4547df20d12692cf5ea31d1896fbaef4815795249660b2f2e9e7df5

C:\Windows\xdwd.dll

MD5 16e5a492c9c6ae34c59683be9c51fa31
SHA1 97031b41f5c56f371c28ae0d62a2df7d585adaba
SHA256 35c8d022e1d917f1aabdceae98097ccc072161b302f84c768ca63e4b32ac2b66
SHA512 20fd369172ef5e3e2fde388666b42e8fe5f0c2bfa338c0345f45e98af6561a249ba3ecc48c3f16efcc73f02ecb67b3ddb1e2e8f0e77d18fa00ac34e6379e50b6

memory/2508-686-0x000000001C430000-0x000000001C4A6000-memory.dmp

memory/2508-687-0x0000000002E90000-0x0000000002E9C000-memory.dmp

memory/2508-688-0x0000000002ED0000-0x0000000002EEE000-memory.dmp

memory/2508-716-0x000000001D3E0000-0x000000001D526000-memory.dmp

C:\Users\Admin\Desktop\ewar.bat

MD5 5d9d5e81f54d00a65d174fcefeb8cf28
SHA1 99a9176438ea7289cfcbc3a3cd52641a8651016d
SHA256 67c2bd43b07a7ef117b3b1aa1bb43ebbe1e0a4303e491106e63ef0eaf88377f6
SHA512 ae29ec95a0e35cf2b717557c9596d6f31a243179b83e87427fdb8bc4c55693e486acc23a2cfb0e3fdb57c7925aefed4d1a98e64c04986689ce45a134d7268786

memory/2508-1019-0x0000000001280000-0x000000000128A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp4A0A.tmp.jpg

MD5 6a0665b50831e888400e85e918aa663e
SHA1 00c7a24a96b5d2ba038b90df2f1438bc156f7b5d
SHA256 cd7a221c88abc1dc0e2b04107e590f7bcb2d98e2677c3a1ab5d269a15ef2885c
SHA512 8be41122fcfca618713975e87799a38c4358d3b7da606d490675d9a248fcd34989a4cb981f2749e7e32090915b372754bd2e195b32ed344e82070ba3bc18599e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 efdf336c3d3a1adb92b2ad84b9e0ddf8
SHA1 d12684bf46d8efdc7fe65d72974a64f8cfc83aae
SHA256 a3b64fe67ea4be6fd1cad4f43ab347f08f3c05afd11552101ddc5f80fd3e31cc
SHA512 d47956132f95e0f8c31b0d8e8b23a7748b4fd39b6acf746e65600499bb6dac8bf3ba64843a090e41066de86eadd02aeb9c1ebd3ab9cdee4bd9d7867febbb696e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 648f8a8ecc6901ea131b19bda4dbea64
SHA1 ca13aa8a169e35ba8c940cfaa065a32e5040bcf8
SHA256 fe438ae9d73f68fbeb217d7abb0369b7a9841162eab3001b17ab44f70312d84e
SHA512 47abb88b71f630a8ad1a3b363b48553fc418e382d4a7340b42879faec1328261199d99571b446bf25b23304a950068a8acef5899b5bf9d16adbf3d6930ea289a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 43481393be17296f44dfcf8e85d83252
SHA1 486fbaae5fd2f0f97217a73802a07e589ee696c8
SHA256 5b9a4b0271450435dbf0e01f431e5e25148170b34ad80784a5aa97a68336d5dc
SHA512 4d3f7914eaa5123740a033c1d9516ea67cdae50d9a102f9e647435cf653d753b377b45644f6462265f91c352cba9d74655fe02005b4f16758a0bcc39fc381227

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 851649db86d2cfac3602a75a0497e092
SHA1 242a0ad92e2728da190abccbf220440484b49c6c
SHA256 f37b4759a7d40342b3671ab6d67abeebdfef663e287a48e7ed5d33d96e36acf8
SHA512 e4a68ec5ce203efb77138b3e8a2fcdd0a29553d5680e0d783b54d1de0e4452b00b8d47021e8341a10a861681a0eb89821e2d9b8c3b4a02f9bd781225f8b055f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 91e11d5cb216f0f6cdf9a7652170f5b7
SHA1 b6d3b26b051fd252b22298e4333b15ddd0568bac
SHA256 41a29c7920445af1e724269709e17b03ac8fdaaeef42c4e3133b7fba6f3a3308
SHA512 68518a6f773479bca0d2c7fcb06acc1cbbc078e01cc61bce4070983c634bbec6b4de994db6c483b1a3b4535be85208fb7196e56ec784472847498dc519a2d8d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9a3ebfc89c8bb523_0

MD5 5238af03956c284beb59f560a86bb670
SHA1 220fe2fa04ad80d53acd0257f7e75b60a5823eaa
SHA256 6da5264c6dca750eb3d318ce2679aa1c771efa2d4b97044930137882d11186fa
SHA512 c3fe420424cd0fe1d2cc8f40dfc3b7abd4911ee0f744540b2fbc3540cef9530f177e730231bd5ccced565b241627b00af17be1eceefd87e36491abd7a6258ea0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cf122def58e2f2d42b3e3956e83dab6c
SHA1 fd7202bd40ba3b2ffd9f00b6182f15dd3d415320
SHA256 068e3d34fed50e9e7e314ac60a4fdfcc69d587a526c2b398ab8143196482e870
SHA512 e287d95380262e1bbeacbb1c74733cfef33b035dc7c84d49c7c51aca7abf9e129a010ab13155c39b1ce9e21fd0ffc839ee277c699d17e7e0fde4fda871342dd6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 81354eb603464279bc858defb0c61717
SHA1 39be98c88c391e904d537f53a592607b2a505bf4
SHA256 319447e5707a09bacc2373229bda4b58481ecde55bf4023c3a401e32a95c94f1
SHA512 63cd403e023368c378e93c72f0fa0f16ee9c6ddcae2af8f7beb2279e4b369ec4dcfd53c850b1d34146b543eacfa4710c0a98dfa06de93e9ae270905b9d6aaff2

memory/2508-1767-0x00000000012E0000-0x0000000001362000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1bc851f58db509e8272c3a33dad8d73f
SHA1 7ff1ccbf04eb1d7854ec5d705edcbbbf472093ee
SHA256 520da9dfbfa305f9258990d8d40c9d153208daf98ac5d224bffaa0dac4459689
SHA512 0eb80f721c50552f52f2cc6fca828aec23682f2e5c9166749f8afaf3cabd5d9a545eb347c7525ad5f0ec342ba0b8eb60082766c3a6fb135ec2b7c448202e53a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 252fb7c15e4436022970144370b551a6
SHA1 e1135cd707a4aca0167bdbc2a51343a6ed69a6b5
SHA256 f6a30748fd8310dda82bb744ec45a8595261e1874bb09832b175786886e63c3a
SHA512 c712c2ee68064969a9ef30c0a970caa888d7a226809247a2d316090709df408b09420d3ebb49d0334e48d4b21cae301a959c8072b432f58854b3d5d3baa28069

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c34ebe36365ebba331a0e2636af62c32
SHA1 9528631ba8a57465f0ba483367df74adca1afe15
SHA256 9f313a8833ddc880ec864be0df024530611520b1068191633eab520a1390f473
SHA512 149d5a15742dd65a9cb5a480deb03245ce02272db732e957eb63e5ef059db0c6b52ecf4c524189b7b6fb1c3952c818685856628aae71cb381f1788caeb07cdfc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f

MD5 6fb26b39d8dcf2f09ef8aebb8a5ffe23
SHA1 578cac24c947a6d24bc05a6aa305756dd70e9ac3
SHA256 774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059
SHA512 c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000074

MD5 e9d809a1d7fd30047317fbd43fae61e9
SHA1 f787ab2f19856948bd9ea7aae25f45b2a8d08d8e
SHA256 0ba8c1a3ea7999dc49680abfe030219c514214972d20197ccf7def509471b72d
SHA512 e91109af437dfb88f8f97df5795a25e4efaf1a2fcf9ffff8410f19a815bcf80f62e21fe9d5de7e5b6df5e983eef8393c806e5df48353547a02b81c0780fefc50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000083

MD5 e78f9f9e3c27e7c593b4355a84d7f65a
SHA1 562ce4ba516712d05ed293f34385d18f7138c904
SHA256 75488ac5677083f252c43009f026c2ec023ac4da3e65c5d7a084742e32abce3d
SHA512 05f9fbbd59c286024b3ad49961c4e0eaa1abcf36ed29a1d07ea73d2b057075d46fbfdda56f135145f942bd0c3d48246c73be1771c21861eec4ddf8bbc365a286

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fc3a67aacd684e4e53518025194a7d4c
SHA1 f01e85e3b05396887bdb003c27b7ec68d40ab3b7
SHA256 63417ee2cb5dc70be7d5c0160997a5d2a3aa0fe490216de161fb0fccf81682f3
SHA512 d1618438995f1dadd10aa8b44edb71dd582122125bd099502f974ca03d8d32bf2222317029e97a0fc3ed45699efd59f8c43e0bdcbfcffdddd03f19db624a7427

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d934f0c02e4b6ef7b69879ff09e7d3cf
SHA1 db55c103e339604e544478c232987cebbc4e3a14
SHA256 d4351756637ebca1d356c889100442fb0ab1f08807a914b8e1b60aaf03810694
SHA512 a422f5e4d7769f958f3ae0cb0c34764536ec7ed9e8c4b7e25700cf67f381391886c8530e4f553a3061c8392522c6ab171dbe9cc62e60078f7dcbc11d8eff12fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 73b649906ac6ccdd32d697e2d7ef01cb
SHA1 a714b031faa3b108bca5b79aae4ad2511f57d2f6
SHA256 3db3e43e8fb68b8b45bb1d2b0bc12d1c82f71d3b9571cd5ff4b8825fd063765c
SHA512 cbed93ad6daaceaf728037a8b6e46bed45a93e672f956ac31b1ad4db91191ca4dcc438d267871e06ca2a6bfd2cb23dc69d9e02623841fae1a2dd6a8bdfa9947d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8b80fea165ec5a894489e40cadab6f57
SHA1 74b38280c7b21f222b0e417d62f97da6ec41999e
SHA256 d3441d75cb7058d3a3eed98009128a5615c0d81add3ec8346f79b29f977727ff
SHA512 a20d76ba3219850e9f1e2f68b8e45547cdf43c3bbc586a5aee5afb3845cedf4cf1c86992cfe7d0b0f8e63af977d6a2dcab6309b0092dbe90c8f4a5f80a1141d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3a38af4cd9945759ec57d13b40c5e651
SHA1 7982705042b0bdc24ef833ea89c2288dbba9b51a
SHA256 83c600e235bc6aba7fb97c45223f3850f75f0bf958ce0ee3c05ab2c42eff14fd
SHA512 0c4886a35eb9af9179816e01a19c5acf0f86dd92dcb09b5039d874bc496f9e931b9d96c47d76b8e489a144beb6a6aea83894e944d35effd9efe4259a08b3320d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 48c87812dca881c8aebe9f4053e1df8d
SHA1 56bf5ede143eac6a5d01399e29d667b6d3b30b98
SHA256 51ea2bf4ca533996982bd421cc6f76459bd24ba52259c073fcc9bee5bc3d78cd
SHA512 af6cbe5d759f26eb0565c428dc98dcf16432089a188f905712f065a7d97df8a1ccc911a7bc63a9c121be6170be4db20358822436c17e660107ef059d99f75397

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c0d0d117dd40a5122a92fd76b994d958
SHA1 263b51a4593254a0d3639d12669c5697c19c6d32
SHA256 a02239ebbc0029f9d3c08aadf4107f4e96479493885b369e95800d534073aad1
SHA512 f1a10a5b5a1846fae394d7be4a9b13545615096454e19b30dd449ab0216438fb377cf871e7375ab8d582992bf1a5dc9748b06f76c068fd1586bfcf8db410b268

memory/6400-2763-0x0000000000400000-0x0000000000454000-memory.dmp

memory/7144-2772-0x0000000000400000-0x0000000000454000-memory.dmp

memory/4476-2791-0x0000000000400000-0x0000000000454000-memory.dmp

memory/1508-2818-0x0000000000400000-0x0000000000454000-memory.dmp

memory/5008-2846-0x0000000000400000-0x0000000000454000-memory.dmp

memory/2888-2874-0x0000000000400000-0x0000000000454000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a77c350e-edea-436f-b63d-1929fb5e25a0.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

memory/7144-2991-0x0000000000400000-0x0000000000454000-memory.dmp

memory/1508-3053-0x0000000000400000-0x0000000000454000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 90b395c7a786ae4964d4707793ec163f
SHA1 0b17fd853e3e77da1f25fd2e1a55cb18c6f38b0b
SHA256 4159426162eac0a1da4b86769ac956117d766ba3d54d9366af5de8139d56edb7
SHA512 27eab09c93d6bbd86aca0a5bf08ddf01d98e539759bcfe288ebb6130f047938b0b18a5b833cb5b629beff05de1e90db2928bb3218196fcb5d687fb70dec87d69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3a9cd37d0c47db4b213166caaa34aa14
SHA1 1d7480b9eb69bd48c355772b0a15db964b0c4370
SHA256 79887176d9d887150a62172e3c3aea565b6e53cf8f85710afd1c9d1cd944dbbf
SHA512 fb14f80a45a55909505982571c054d6e9838fa628cc832688acaf0d27a59f0e3ba8c4cf11665f8262cd83f6bc9f4f261e702b4195725868566d28df677889f19

C:\Users\Admin\Downloads\download-mini-kms-activator-ultimate-3623 (1).html

MD5 e07f561fea46e235ab65c0747bcc8820
SHA1 f59e408c6bd591c150002133a40fce09a7196a84
SHA256 7c345d4f6f90f8ac48bfc07cb91015a8cfc5f882f2b98a8116a2b0d79ba3df8d
SHA512 7282baf21fc51af2db0eafa722984787b61cb28967a29c757ccc68f4e9e88ab3595777556524b25f7f790ed08048c25a307f14c9b304c674e0be578d4206726e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b252335851711b1ab4829bbcfa5de422
SHA1 79f689e078dbef2a33e752bd2450c1983eb24cdd
SHA256 9aac0f9174dd0c2d4cc369fdfac0850058e94917302618b31814303dd7f22616
SHA512 c66e9c21a0d3adf8a4fcf66a2a25a954f8a6fc3e21f5cd0ff64a8e617e9afcca5e14d293c2cc2bcaaf14b9d8019e0f4a26f8cc5a5dd364a6f822eedbcbbdf6db

memory/2888-3268-0x0000000000400000-0x0000000000454000-memory.dmp

memory/4476-3269-0x0000000000400000-0x0000000000454000-memory.dmp

memory/6400-3296-0x0000000000400000-0x0000000000454000-memory.dmp

memory/1508-3297-0x0000000000400000-0x0000000000454000-memory.dmp

memory/5008-3298-0x0000000000400000-0x0000000000454000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3839c4b7f9e660add44a58ca711639eb
SHA1 98c1e9c76550a5f028be355792fcdd739834eae5
SHA256 b6b6268b480d890003c8f6a561001bfea792d2db2ed556ed6b33407007fc960a
SHA512 66bac4c3e0eb6e665f8ced5acb0b7c7a39fad84aa55733100dab7cde7063857f3ae753b2ac508d351a9ad8b6be3b1e74611e7db7e6a60e261409497864ba7ede

memory/5008-3397-0x0000000000400000-0x0000000000454000-memory.dmp

memory/7144-3414-0x0000000000400000-0x0000000000454000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000aa

MD5 208962e0f3533d703b9b2ce12e8bd1fc
SHA1 3c1f06656568ae121e084128e6d64a8577bda3d1
SHA256 ae7f8271daa1fde4c317b641e1e26576b340208384bd0cf2f262ec266b8de20b
SHA512 d2aca232d2205700f9689cda1bd0710381ce82e1259975cd7784bc120602465fedc5d8fc9aa369cf1001caf3835499830dd68aa3b2515f85ea434dac1be92b6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ae

MD5 4b5a84aaf1c9485e060c503a0ff8cadb
SHA1 574ea2698c03ae9477db2ea3baf460ee32f1a7ea
SHA256 3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019
SHA512 05196036c41398616c077925fc4bf252e81f11b6ebef8745047d75cb2c8b80441b8c3593f4d5b2617089e9f3d8d957f9edcdf8e43993661a277be8f4b6a32111

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000af

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

memory/6400-3521-0x0000000000400000-0x0000000000454000-memory.dmp

memory/2888-3541-0x0000000000400000-0x0000000000454000-memory.dmp

C:\Users\Admin\Downloads\mini-kms-activator-ultimate-3623-10088.html

MD5 7677529a05f8f6759c4a20627e88c314
SHA1 1f6d3d1c213d6a3ab05ac598bf6ff2945b2df260
SHA256 7ceb4d66f0acfc6408c12147d16a3cd1ed9abd986b98990fda43ddaa14a53807
SHA512 0ee9ed64cdf774b19759c75e82bef185b2e6ff7de02720b004918fbcf6d537d0a73c1c830b46ea1ca6efd57ec2c1897167f952d5c6a87f8fdc387dc40dc841e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7515da7d7ebb5eead7c91ca5fd8a89fb
SHA1 198dd04e12582a6007a98efc2d3ba28a18aca7fc
SHA256 1a0f9dc3b7053792aa32ac0b6e85a25654c80ff8d7eb0fbcd34b57a319adb28d
SHA512 5baac9f8381f0e1dc2d011fefdc83b0b08a351ae132b6572b2c70bae26663a7d374fad6437930c568d4d00e8bd29bb5be957cfede42b239aa25c2d58192d7eec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b5cea9f0035d8bcfe3fc527874686971
SHA1 ebe573fd1c538791b51f72f3a2256f804143490c
SHA256 c62de0cf0893740123bd871710c5dd8a7222a36af6ff3df80fbf82a5bf927615
SHA512 b9781c0adfb7158189cb5d5ded475296364d83379e8427ba94b75e085424af178943c2f1c6ab60deb31268b131c2680b4adbd0c08ab608d9ce4a473fbacab842

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e2e72feb3f28140a6bc37ff181dfcf83
SHA1 f0fad28f1756741e204cbebe1437e63a25751603
SHA256 ee00242afe78b4e4cbc10e14a08558649cd4619283abd8a94974c2d0b0f13dde
SHA512 2d2befb4e67d16532b20cc3a5f3810a7f39a6a86f914db55dc6eca077b2c6b8e85464f4184b4dd308e69ea6c1e0c419f0d8134ddc737ad1a3555f2af9d68f8ff

memory/6400-3658-0x0000000000400000-0x0000000000454000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9454ebc66e2405b4fed8284940d8d9a8
SHA1 aaabeabd95e9087f0896292d3e11d3d1052895b0
SHA256 3b651bec5a9f7c25c2012b0fb64c7d33e589710a6f58828f0284db1a2df83b23
SHA512 abd8675e3ca4841948a5f949880dc4cd544f8e6ecba48e5c3545fac547616fe004e5e32f469b127b53dcbd62139c38d79086631bb327c38bd8a0613f17ef268d

memory/5008-3758-0x0000000000400000-0x0000000000454000-memory.dmp

memory/7144-3785-0x0000000000400000-0x0000000000454000-memory.dmp

memory/4476-3813-0x0000000000400000-0x0000000000454000-memory.dmp

memory/1508-3814-0x0000000000400000-0x0000000000454000-memory.dmp

memory/6400-3841-0x0000000000400000-0x0000000000454000-memory.dmp

memory/7144-3869-0x0000000000400000-0x0000000000454000-memory.dmp

memory/4476-3897-0x0000000000400000-0x0000000000454000-memory.dmp