Analysis Overview
SHA256
2363609a04549c29326c9e97b8d90a4483b800d3af84e87c23e56be260207271
Threat Level: Known bad
The file fg2.th was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
Modifies AppInit DLL entries
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Drops startup file
Drops desktop.ini file(s)
Adds Run key to start application
Sets desktop wallpaper using registry
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Creates scheduled task(s)
Uses Task Scheduler COM API
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies Control Panel
Opens file in notepad (likely ransom note)
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 11:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 11:34
Reported
2024-06-12 11:41
Platform
win10v2004-20240611-en
Max time kernel
406s
Max time network
407s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\System32\\userinit.exe,C:\\Program Files\\Visual c++2020.exe" | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe | N/A |
Downloads MZ/PE file
Modifies AppInit DLL entries
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\RNQ auto.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Rnq\svhost.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe | C:\Users\Admin\Downloads\Rnq\svhost.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\RNQ auto.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Rnq\svhost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe | N/A |
| N/A | N/A | C:\Windows\Рыгалка.exe | N/A |
| N/A | N/A | C:\Windows\Рыгалка.exe | N/A |
| N/A | N/A | C:\Windows\Рыгалка.exe | N/A |
| N/A | N/A | C:\Windows\Рыгалка.exe | N/A |
| N/A | N/A | C:\Windows\Рыгалка.exe | N/A |
| N/A | N/A | C:\Windows\Рыгалка.exe | N/A |
| N/A | N/A | C:\Users\Admin\UserNit.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\wbem\WmiApSrv.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\magiskhid = "C:\\Users\\Admin\\Downloads\\Rnq\\magiskhid.exe" | C:\Windows\system32\reg.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp4A0B.tmp.jpg" | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Visual c++2020.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe | N/A |
| File opened for modification | C:\Program Files\Visual c++2020.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe | N/A |
Drops file in Windows directory
Enumerates physical storage devices
Creates scheduled task(s)
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\Desktop\WallpaperStyle = "2" | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\Desktop\TileWallpaper = "0" | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00 | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\ | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\ | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00 | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00 | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\ | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00 | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\ | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00 | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\ | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\ | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00 | C:\Windows\Рыгалка.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM | C:\Windows\Рыгалка.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | C:\Users\Admin\Downloads\Rnq\svhost.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\fg2.th
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcccf6ab58,0x7ffcccf6ab68,0x7ffcccf6ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4392 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4732 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4304 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3456 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2924 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4892 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2484 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2640 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5024 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5128 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5352 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5328 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4136 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5500 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5572 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2668 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\RNQ auto.exe
"C:\Users\Admin\Downloads\RNQ auto.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4412 --field-trial-handle=1924,i,16133020028262964803,7879353880462447009,131072 /prefetch:2
C:\Users\Admin\Downloads\Rnq\svhost.exe
"C:\Users\Admin\Downloads\Rnq\svhost.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Rnq\hid.bat" "
C:\Windows\system32\reg.exe
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /V "magiskhid" /t REG_SZ /F /D "C:\Users\Admin\Downloads\Rnq\magiskhid.exe"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe"
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\hide.txt
C:\Windows\SYSTEM32\CMD.exe
"CMD" /C SchTaSKs /CrEAte /F /sc OnLoGoN /rl HighEst /tn "conhost" /tr "C:\Program Files\Visual c++2020.exe" & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /CrEAte /F /sc OnLoGoN /rl HighEst /tn "conhost" /tr "C:\Program Files\Visual c++2020.exe"
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo 5 /tn "dllhost" /tr "C:\Users\Admin\UserNit.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo 5 /tn "dllhost" /tr "C:\Users\Admin\UserNit.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ewar.bat
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ewar.bat
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcccf6ab58,0x7ffcccf6ab68,0x7ffcccf6ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3612 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:8
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:8
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:8
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4284 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4840 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524 0x504
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3476 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3196 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5096 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5220 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5572 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5708 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5260 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6116 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6032 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6292 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6468 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6492 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6680 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5456 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7132 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6360 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6416 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6616 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5112 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4996 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=2584 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7928 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7300 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8172 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7696 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8140 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7732 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4860 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7808 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7680 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7952 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=4992 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5992 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8776 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8820 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8748 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8624 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6496 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=5720 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=8120 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=5696 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=7116 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=8888 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=4996 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=2748 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=8136 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=8408 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8468 --field-trial-handle=1940,i,17353547117727739812,15839530375217611191,131072 /prefetch:1
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\Рыгалка.exe
C:\Windows\Рыгалка.exe /WithTokenOf:TrustedInstaller.exe
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\Рыгалка.exe
C:\Windows\Рыгалка.exe /WithTokenOf:TrustedInstaller.exe
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\Рыгалка.exe
C:\Windows\Рыгалка.exe /WithTokenOf:TrustedInstaller.exe
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\Рыгалка.exe
C:\Windows\Рыгалка.exe /WithTokenOf:TrustedInstaller.exe
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\Рыгалка.exe
C:\Windows\Рыгалка.exe /WithTokenOf:TrustedInstaller.exe
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\Рыгалка.exe
C:\Windows\Рыгалка.exe /WithTokenOf:TrustedInstaller.exe
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcccf6ab58,0x7ffcccf6ab68,0x7ffcccf6ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1764 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1968 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4300 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:1
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3488 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4552 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:1
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4188 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3260 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:1
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5020 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:1
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:8
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5268 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:1
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5304 --field-trial-handle=2316,i,15174596051270661363,15287532431028550212,131072 /prefetch:1
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Users\Admin\UserNit.exe
C:\Users\Admin\UserNit.exe
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
C:\Windows\SYSTEM32\CMD.exe
"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST & exit
C:\Windows\system32\schtasks.exe
SchTaSKs /create /f /sc minute /mo -1 /tn "svhost" /tr "C:\Program Files\Visual c++2020.exe" /RL HIGHEST
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | oxy.name | udp |
| US | 104.21.70.24:443 | oxy.name | tcp |
| US | 104.21.70.24:443 | oxy.name | tcp |
| US | 8.8.8.8:53 | oxy.st | udp |
| RU | 185.178.208.137:443 | oxy.st | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 23.200.188.27:443 | contextual.media.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ads.themoneytizer.com | udp |
| US | 8.8.8.8:53 | smatr.net | udp |
| US | 8.8.8.8:53 | cdn.adlook.me | udp |
| US | 8.8.8.8:53 | lg3.media.net | udp |
| NL | 88.208.46.222:443 | smatr.net | tcp |
| US | 172.67.43.178:443 | ads.themoneytizer.com | tcp |
| US | 172.67.43.178:443 | ads.themoneytizer.com | tcp |
| US | 23.220.112.27:443 | lg3.media.net | tcp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| RU | 193.17.93.93:443 | cdn.adlook.me | tcp |
| RU | 178.154.131.215:443 | yastatic.net | tcp |
| RU | 178.154.131.215:443 | yastatic.net | tcp |
| US | 8.8.8.8:53 | cdn.themoneytizer.fr | udp |
| US | 8.8.8.8:53 | ced.sascdn.com | udp |
| US | 8.8.8.8:53 | tag.leadplace.fr | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| US | 8.8.8.8:53 | 137.208.178.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.70.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| US | 8.8.8.8:53 | adtrack.adleadevent.com | udp |
| US | 8.8.8.8:53 | p.cpx.to | udp |
| US | 8.8.8.8:53 | ogffa.net | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.188.200.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.69.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.46.208.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.43.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.112.220.23.in-addr.arpa | udp |
| US | 188.114.97.2:443 | cdn.themoneytizer.fr | tcp |
| FR | 145.239.192.166:443 | tag.leadplace.fr | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| BE | 2.17.107.178:443 | ced.sascdn.com | tcp |
| US | 8.8.8.8:53 | system-notify.app | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 88.208.46.222:443 | ogffa.net | tcp |
| RU | 88.212.202.52:443 | counter.yadro.ru | tcp |
| IE | 99.80.69.9:443 | adtrack.adleadevent.com | tcp |
| DE | 91.228.74.244:443 | secure.quantserve.com | tcp |
| IE | 3.255.45.104:443 | p.cpx.to | tcp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| DE | 157.90.33.121:443 | system-notify.app | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | ads.adlook.me | udp |
| RU | 78.140.242.36:443 | ads.adlook.me | tcp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| NL | 185.89.210.46:443 | ib.adnxs.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| RU | 78.140.242.36:443 | ads.adlook.me | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| FR | 18.244.28.120:443 | rules.quantcount.com | tcp |
| US | 8.8.8.8:53 | uidsync.net | udp |
| DE | 23.88.8.123:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| US | 8.8.8.8:53 | s.cpx.to | udp |
| IE | 63.34.77.99:443 | s.cpx.to | tcp |
| DE | 23.88.8.123:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | 93.93.17.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.131.154.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.192.239.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.69.80.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.45.255.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.202.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.33.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.242.140.78.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.8.88.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.77.34.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| DE | 162.19.138.118:443 | id5-sync.com | tcp |
| DE | 162.19.138.117:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | 118.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| NL | 88.208.46.222:443 | ogffa.net | tcp |
| US | 8.8.8.8:53 | download.oxy.st | udp |
| RU | 185.178.208.137:443 | download.oxy.st | tcp |
| RU | 185.178.208.137:443 | download.oxy.st | tcp |
| US | 8.8.8.8:53 | tmzr.themoneytizer.fr | udp |
| US | 172.67.174.127:443 | tmzr.themoneytizer.fr | tcp |
| US | 8.8.8.8:53 | 127.174.67.172.in-addr.arpa | udp |
| US | 23.220.112.27:443 | lg3.media.net | udp |
| DE | 51.89.9.252:443 | onetag-sys.com | udp |
| DE | 157.90.33.121:443 | uidsync.net | tcp |
| NL | 185.89.210.46:443 | ib.adnxs.com | tcp |
| DE | 23.88.8.123:443 | uidsync.net | tcp |
| DE | 23.88.8.123:443 | uidsync.net | tcp |
| DE | 162.19.138.118:443 | id5-sync.com | tcp |
| DE | 162.19.138.117:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | s1.oxy.st | udp |
| US | 104.21.234.182:443 | s1.oxy.st | tcp |
| US | 8.8.8.8:53 | 182.234.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 162.19.138.118:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ww1097.smartadserver.com | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| IE | 54.72.245.162:443 | id.crwdcntrl.net | tcp |
| FR | 91.134.110.129:443 | ww1097.smartadserver.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 162.19.138.117:443 | id5-sync.com | tcp |
| FR | 91.134.110.129:443 | ww1097.smartadserver.com | tcp |
| DE | 162.19.138.118:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.245.72.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.110.134.91.in-addr.arpa | udp |
| FR | 91.134.110.129:443 | ww1097.smartadserver.com | tcp |
| FR | 91.134.110.129:443 | ww1097.smartadserver.com | tcp |
| US | 8.8.8.8:53 | river-visible.gl.at.ply.gg | udp |
| US | 147.185.221.20:18651 | river-visible.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | 20.221.185.147.in-addr.arpa | udp |
| US | 147.185.221.20:18651 | river-visible.gl.at.ply.gg | tcp |
| US | 147.185.221.20:18651 | river-visible.gl.at.ply.gg | tcp |
| US | 147.185.221.20:18651 | river-visible.gl.at.ply.gg | tcp |
| US | 147.185.221.20:18651 | river-visible.gl.at.ply.gg | tcp |
| US | 147.185.221.20:18651 | river-visible.gl.at.ply.gg | tcp |
| US | 147.185.221.20:18651 | river-visible.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| NL | 23.218.70.53:443 | cxcs.microsoft.net | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.70.218.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 216.58.204.67:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | en.taiwebs.com | udp |
| US | 104.21.87.138:443 | en.taiwebs.com | tcp |
| US | 104.21.87.138:443 | en.taiwebs.com | tcp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | taiwebs.com | udp |
| US | 104.21.87.138:443 | en.taiwebs.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 188.114.96.2:443 | taiwebs.com | tcp |
| US | 188.114.96.2:443 | taiwebs.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | services.vlitag.com | udp |
| US | 188.114.96.2:443 | taiwebs.com | udp |
| US | 172.67.21.227:443 | services.vlitag.com | tcp |
| US | 8.8.8.8:53 | 138.87.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | udp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| US | 172.67.21.227:443 | services.vlitag.com | udp |
| US | 8.8.8.8:53 | cmp.inmobi.com | udp |
| US | 8.8.8.8:53 | s3.vlitag.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| FR | 52.222.149.104:443 | cmp.inmobi.com | tcp |
| GB | 142.250.200.10:443 | imasdk.googleapis.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 227.21.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.149.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| FR | 52.222.149.104:443 | cmp.inmobi.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | px.vliplatform.com | udp |
| US | 104.22.58.199:443 | s3.vlitag.com | udp |
| DE | 141.101.120.11:443 | px.vliplatform.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 172.67.21.227:443 | s3.vlitag.com | udp |
| US | 8.8.8.8:53 | api.cmp.inmobi.com | udp |
| DE | 18.157.128.118:443 | api.cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | prebid-eu.creativecdn.com | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | useast.quantumdex.io | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| DE | 141.101.120.11:443 | px.vliplatform.com | udp |
| NL | 145.40.97.66:443 | prebid.a-mo.net | tcp |
| NL | 145.40.97.66:443 | prebid.a-mo.net | tcp |
| US | 8.8.8.8:53 | pbjs.e-planning.net | udp |
| NL | 145.40.97.66:443 | prebid.a-mo.net | tcp |
| NL | 145.40.97.66:443 | prebid.a-mo.net | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| US | 172.67.42.201:443 | useast.quantumdex.io | tcp |
| US | 172.67.42.201:443 | useast.quantumdex.io | tcp |
| US | 172.67.42.201:443 | useast.quantumdex.io | tcp |
| US | 172.67.42.201:443 | useast.quantumdex.io | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| NL | 193.3.178.4:443 | pbjs.e-planning.net | tcp |
| NL | 193.3.178.4:443 | pbjs.e-planning.net | tcp |
| NL | 193.3.178.4:443 | pbjs.e-planning.net | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| US | 8.8.8.8:53 | 199.58.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.128.157.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.42.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.8.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.3.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.22.18.104.in-addr.arpa | udp |
| US | 172.67.42.201:443 | useast.quantumdex.io | udp |
| US | 8.8.8.8:53 | dsp.vlitag.com | udp |
| US | 8.8.8.8:53 | adsystem.pocpoc.io | udp |
| US | 8.8.8.8:53 | px.pocpoc.io | udp |
| US | 172.67.75.64:443 | px.pocpoc.io | tcp |
| US | 172.67.75.64:443 | px.pocpoc.io | tcp |
| US | 172.67.75.64:443 | px.pocpoc.io | tcp |
| US | 172.67.75.64:443 | px.pocpoc.io | tcp |
| US | 172.67.75.64:443 | px.pocpoc.io | tcp |
| US | 172.67.75.64:443 | px.pocpoc.io | tcp |
| US | 104.26.14.167:443 | px.pocpoc.io | tcp |
| US | 104.26.14.167:443 | px.pocpoc.io | tcp |
| US | 104.26.14.167:443 | px.pocpoc.io | tcp |
| US | 104.26.14.167:443 | px.pocpoc.io | tcp |
| US | 104.26.14.167:443 | px.pocpoc.io | tcp |
| US | 104.26.14.167:443 | px.pocpoc.io | tcp |
| US | 8.8.8.8:53 | static.vliplatform.com | udp |
| US | 8.8.8.8:53 | odb.outbrain.com | udp |
| FR | 199.232.170.132:443 | odb.outbrain.com | tcp |
| FR | 199.232.170.132:443 | odb.outbrain.com | tcp |
| FR | 199.232.170.132:443 | odb.outbrain.com | tcp |
| FR | 199.232.170.132:443 | odb.outbrain.com | tcp |
| FR | 199.232.170.132:443 | odb.outbrain.com | tcp |
| FR | 199.232.170.132:443 | odb.outbrain.com | tcp |
| FR | 199.232.170.132:443 | odb.outbrain.com | tcp |
| US | 8.8.8.8:53 | 64.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.14.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | widgets.outbrain.com | udp |
| US | 8.8.8.8:53 | images.outbrainimg.com | udp |
| US | 23.53.113.140:443 | widgets.outbrain.com | tcp |
| US | 23.53.113.140:443 | widgets.outbrain.com | tcp |
| US | 23.220.113.254:443 | images.outbrainimg.com | tcp |
| US | 23.220.113.254:443 | images.outbrainimg.com | tcp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | log.outbrainimg.com | udp |
| US | 8.8.8.8:53 | mcdp-chidc2.outbrain.com | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 64.74.236.95:443 | mcdp-chidc2.outbrain.com | tcp |
| US | 64.74.236.95:443 | mcdp-chidc2.outbrain.com | tcp |
| US | 64.74.236.95:443 | mcdp-chidc2.outbrain.com | tcp |
| US | 50.31.142.127:443 | log.outbrainimg.com | tcp |
| US | 50.31.142.127:443 | log.outbrainimg.com | tcp |
| US | 50.31.142.127:443 | log.outbrainimg.com | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | prg-apac.smartadserver.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | 132.170.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.113.220.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.236.74.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.142.31.50.in-addr.arpa | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| FR | 5.196.111.65:443 | prg-apac.smartadserver.com | tcp |
| FR | 5.196.111.65:443 | prg-apac.smartadserver.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 65.111.196.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 162.19.138.118:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | sync.quantumdex.io | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 8.8.8.8:53 | pxl.iqm.com | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 70.42.32.159:443 | b1sync.zemanta.com | tcp |
| FR | 5.196.111.73:443 | rtb-csync.smartadserver.com | tcp |
| US | 3.229.202.201:443 | pxl.iqm.com | tcp |
| FR | 18.164.52.25:443 | s.ad.smaato.net | tcp |
| DE | 162.19.138.117:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | c3.a-mo.net | udp |
| DE | 79.127.216.47:443 | c3.a-mo.net | tcp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| FR | 5.196.111.73:443 | rtb-csync.smartadserver.com | tcp |
| DE | 18.194.142.248:443 | match.sharethrough.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | br0wsers.com | udp |
| US | 104.21.75.28:443 | br0wsers.com | tcp |
| US | 104.21.75.28:443 | br0wsers.com | tcp |
| US | 8.8.8.8:53 | ssp.disqus.com | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| NL | 185.89.210.46:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 35.175.159.193:443 | ssp.disqus.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 74.121.140.211:443 | sync.mathtag.com | tcp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| NL | 154.57.158.115:443 | ads.stickyadstv.com | tcp |
| US | 8.8.8.8:53 | sync.adkernel.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| FR | 51.178.195.213:443 | ssbsync-global.smartadserver.com | tcp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | tcp |
| US | 172.67.40.173:443 | spl.zeotap.com | tcp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 52.46.130.91:443 | s.amazon-adsystem.com | tcp |
| DE | 18.192.161.231:443 | rtb.mfadsrvr.com | tcp |
| GB | 172.217.169.2:443 | cm.g.doubleclick.net | tcp |
| GB | 172.217.169.2:443 | cm.g.doubleclick.net | tcp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.111.196.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.32.42.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.202.229.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.142.194.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.75.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.158.57.154.in-addr.arpa | udp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 23.53.112.234:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| GB | 172.217.169.2:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 3.228.191.36:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | img.softwaresblue.com | udp |
| US | 104.21.75.28:443 | br0wsers.com | udp |
| US | 172.67.155.52:443 | img.softwaresblue.com | tcp |
| US | 172.67.155.52:443 | img.softwaresblue.com | tcp |
| US | 172.67.155.52:443 | img.softwaresblue.com | tcp |
| US | 8.8.8.8:53 | ads.betweendigital.com | udp |
| NL | 188.42.191.196:443 | ads.betweendigital.com | tcp |
| US | 172.67.155.52:443 | img.softwaresblue.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | 213.195.178.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.40.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.159.175.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.140.121.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.57.245.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.161.192.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.130.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.112.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.191.228.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.155.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.191.42.188.in-addr.arpa | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.200.10:443 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 3.165.118.121:443 | c.amazon-adsystem.com | tcp |
| US | 147.185.221.20:18651 | river-visible.gl.at.ply.gg | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 3.165.118.121:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| FR | 52.84.174.60:443 | config.aps.amazon-adsystem.com | tcp |
| FR | 3.162.36.191:443 | aax.amazon-adsystem.com | tcp |
| FR | 3.162.36.191:443 | aax.amazon-adsystem.com | tcp |
| FR | 3.162.36.191:443 | aax.amazon-adsystem.com | tcp |
| FR | 3.162.36.191:443 | aax.amazon-adsystem.com | tcp |
| FR | 3.162.36.191:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 163.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.118.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.36.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | eexsync.com | udp |
| US | 80.77.87.108:443 | eexsync.com | tcp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| IE | 3.248.69.24:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | i.liadm.com | udp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| US | 44.195.167.64:443 | i.liadm.com | tcp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | vid.vidoomy.com | udp |
| GB | 195.181.164.15:443 | vid.vidoomy.com | tcp |
| US | 8.8.8.8:53 | cache.betweendigital.com | udp |
| US | 8.8.8.8:53 | crt.sectigo.com | udp |
| DE | 151.236.118.146:443 | cache.betweendigital.com | tcp |
| US | 172.64.149.23:80 | crt.sectigo.com | tcp |
| US | 8.8.8.8:53 | 18.111.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.69.248.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.167.195.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.149.71.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| US | 147.185.221.20:18651 | river-visible.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | sync.bumlam.com | udp |
| IE | 67.220.224.150:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| DE | 31.172.81.147:443 | sync.bumlam.com | tcp |
| NL | 193.0.160.131:443 | p.rfihub.com | tcp |
| US | 8.8.8.8:53 | simage2.pubmatic.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| NL | 198.47.127.205:443 | simage2.pubmatic.com | tcp |
| NL | 198.47.127.205:443 | simage2.pubmatic.com | tcp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| DE | 91.228.74.159:443 | cms.quantserve.com | tcp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| IE | 52.48.212.10:443 | sync.crwdcntrl.net | tcp |
| IE | 52.48.212.10:443 | sync.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| IE | 63.32.137.205:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 8.8.8.8:53 | x01.aidata.io | udp |
| RU | 89.108.119.43:443 | x01.aidata.io | tcp |
| US | 8.8.8.8:53 | sync.adotmob.com | udp |
| US | 8.8.8.8:53 | cm.smadex.com | udp |
| US | 8.8.8.8:53 | cr.frontend.weborama.fr | udp |
| US | 8.8.8.8:53 | pixel.tapad.com | udp |
| FR | 45.137.176.88:443 | sync.adotmob.com | tcp |
| FR | 52.84.174.95:443 | cm.smadex.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| US | 8.8.8.8:53 | 146.118.236.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.81.172.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.160.0.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.212.48.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.137.32.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 54.159.1.74:443 | sync.srv.stackadapt.com | tcp |
| US | 54.159.1.74:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | mwzeom.zeotap.com | udp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | udp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| US | 8.8.8.8:53 | an.yandex.ru | udp |
| NL | 35.214.198.101:443 | csync.loopme.me | tcp |
| RU | 213.180.193.90:443 | an.yandex.ru | tcp |
| US | 8.8.8.8:53 | um.simpli.fi | udp |
| NL | 35.204.74.118:443 | um.simpli.fi | tcp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| RU | 77.88.55.88:443 | yandex.ru | tcp |
| DK | 37.157.4.28:443 | c1.adform.net | tcp |
| US | 8.8.8.8:53 | image4.pubmatic.com | udp |
| GB | 185.64.190.81:443 | image4.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 43.119.108.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.176.137.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.129.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.113.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.1.159.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.198.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.193.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.74.204.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.4.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.55.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| NL | 23.38.25.148:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| BE | 23.55.98.169:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | simage4.pubmatic.com | udp |
| NL | 198.47.127.20:443 | simage4.pubmatic.com | tcp |
| US | 8.8.8.8:53 | www.tns-counter.ru | udp |
| RU | 194.226.130.226:443 | www.tns-counter.ru | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 81.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.25.38.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.98.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.130.226.194.in-addr.arpa | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 52.46.130.91:443 | s.amazon-adsystem.com | tcp |
| US | 52.46.130.91:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| IE | 34.253.242.146:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | live.primis.tech | udp |
| FR | 52.222.201.106:443 | live.primis.tech | tcp |
| US | 8.8.8.8:53 | dsp.nrich.ai | udp |
| FR | 51.68.39.188:443 | dsp.nrich.ai | tcp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| US | 8.8.8.8:53 | 146.242.253.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.39.68.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.159.114.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ad.mrtnsvr.com | udp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| US | 8.8.8.8:53 | uipglob.semasio.net | udp |
| US | 8.8.8.8:53 | pixel.onaudience.com | udp |
| DK | 77.243.51.121:443 | uipglob.semasio.net | tcp |
| FR | 141.94.170.77:443 | pixel.onaudience.com | tcp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| US | 8.8.8.8:53 | capi.connatix.com | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 172.64.146.152:443 | capi.connatix.com | tcp |
| US | 8.8.8.8:53 | sync.ipredictive.com | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 54.147.46.253:443 | sync.ipredictive.com | tcp |
| US | 8.8.8.8:53 | pubmatic-match.dotomi.com | udp |
| NL | 89.207.16.204:443 | pubmatic-match.dotomi.com | tcp |
| US | 8.8.8.8:53 | 6.163.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.170.94.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.51.243.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.146.64.172.in-addr.arpa | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | targeting.unrulymedia.com | udp |
| US | 8.8.8.8:53 | hb.aralego.com | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 104.18.34.178:443 | mp.4dex.io | tcp |
| US | 104.18.34.178:443 | mp.4dex.io | tcp |
| US | 104.18.34.178:443 | mp.4dex.io | tcp |
| US | 192.96.203.13:443 | hb.aralego.com | tcp |
| US | 192.96.203.13:443 | hb.aralego.com | tcp |
| US | 8.8.8.8:53 | 253.46.147.54.in-addr.arpa | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | 204.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.34.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.174.228.46.in-addr.arpa | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 192.96.203.13:443 | hb.aralego.com | tcp |
| US | 192.96.203.13:443 | hb.aralego.com | tcp |
| US | 192.96.203.13:443 | hb.aralego.com | tcp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| US | 192.96.203.13:443 | hb.aralego.com | tcp |
| US | 192.96.203.13:443 | hb.aralego.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | quantumsyndication.com | udp |
| US | 216.239.32.3:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | 13.203.96.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 104.26.7.132:443 | quantumsyndication.com | tcp |
| US | 8.8.8.8:53 | pbc.vliplatform.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 172.67.75.64:443 | px.pocpoc.io | udp |
| US | 104.26.14.167:443 | px.pocpoc.io | udp |
| US | 216.239.32.3:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | bid.g.doubleclick.net | udp |
| BE | 66.102.1.156:443 | bid.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ssp-ads.nl3.eu.criteo.com | udp |
| NL | 178.250.1.46:443 | ssp-ads.nl3.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | 3.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.7.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.1.102.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gcdn.2mdn.net | udp |
| GB | 142.250.178.14:443 | gcdn.2mdn.net | tcp |
| BE | 66.102.1.156:443 | bid.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | r3---sn-aigl6n6s.c.2mdn.net | udp |
| GB | 173.194.3.72:443 | r3---sn-aigl6n6s.c.2mdn.net | tcp |
| US | 50.31.142.127:443 | log.outbrainimg.com | tcp |
| US | 64.74.236.95:443 | mcdp-chidc2.outbrain.com | tcp |
| GB | 142.250.178.14:443 | gcdn.2mdn.net | udp |
| US | 8.8.8.8:53 | r4---sn-aigl6nsd.c.2mdn.net | udp |
| GB | 74.125.105.41:443 | r4---sn-aigl6nsd.c.2mdn.net | tcp |
| US | 104.26.7.132:443 | quantumsyndication.com | udp |
| US | 8.8.8.8:53 | ghent-gce-sc.bidswitch.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 46.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.3.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.105.125.74.in-addr.arpa | udp |
| NL | 35.214.198.101:443 | csync.loopme.me | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 79.127.227.46:443 | c3.a-mo.net | tcp |
| US | 8.8.8.8:53 | cdn.aralego.net | udp |
| US | 8.8.8.8:53 | cat.nl3.eu.criteo.com | udp |
| US | 35.211.200.231:443 | ghent-gce-sc.bidswitch.net | tcp |
| US | 8.8.8.8:53 | media.grid.bidswitch.net | udp |
| US | 104.26.5.103:443 | cdn.aralego.net | tcp |
| US | 35.211.200.231:443 | ghent-gce-sc.bidswitch.net | tcp |
| US | 8.8.8.8:53 | grid-mercury.criteo.com | udp |
| US | 8.8.8.8:53 | stags.bluekai.com | udp |
| GB | 142.250.200.2:443 | ade.googlesyndication.com | tcp |
| GB | 142.250.200.2:443 | ade.googlesyndication.com | tcp |
| GB | 142.250.200.2:443 | ade.googlesyndication.com | tcp |
| GB | 142.250.200.2:443 | ade.googlesyndication.com | tcp |
| GB | 216.58.212.194:443 | googleads4.g.doubleclick.net | tcp |
| GB | 216.58.212.194:443 | googleads4.g.doubleclick.net | tcp |
| NL | 178.250.1.39:443 | grid-mercury.criteo.com | tcp |
| NL | 178.250.1.6:443 | cat.nl3.eu.criteo.com | tcp |
| BE | 23.55.96.210:443 | stags.bluekai.com | tcp |
| NL | 35.214.200.194:443 | media.grid.bidswitch.net | tcp |
| NL | 35.214.200.194:443 | media.grid.bidswitch.net | tcp |
| US | 8.8.8.8:53 | adx.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 103.5.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.200.211.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.96.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.200.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sync.aralego.com | udp |
| US | 162.210.196.208:443 | sync.aralego.com | tcp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| US | 104.19.158.19:443 | assets.a-mo.net | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| FR | 178.32.210.231:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 208.196.210.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.158.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.210.32.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pulsepoint-match.dotomi.com | udp |
| US | 8.8.8.8:53 | amazon-tam-match.dotomi.com | udp |
| NL | 89.207.16.137:443 | pulsepoint-match.dotomi.com | tcp |
| NL | 63.215.202.140:443 | amazon-tam-match.dotomi.com | tcp |
| IE | 67.220.224.150:443 | aax-eu.amazon-adsystem.com | tcp |
| GB | 142.250.200.2:443 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 137.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.202.215.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | ghent-gce-nl.bidswitch.net | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| US | 8.8.8.8:53 | ssum.casalemedia.com | udp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| NL | 35.214.230.116:443 | ghent-gce-nl.bidswitch.net | tcp |
| US | 8.8.8.8:53 | ad.turn.com | udp |
| US | 8.8.8.8:53 | pb-am.a-mo.net | udp |
| NL | 147.75.84.158:443 | pb-am.a-mo.net | tcp |
| DK | 37.157.6.232:443 | cm.adform.net | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| US | 8.8.8.8:53 | match.adsby.bidtheatre.com | udp |
| NL | 64.227.64.62:443 | match.adsby.bidtheatre.com | tcp |
| US | 8.8.8.8:53 | 211.253.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.230.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.84.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.6.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.64.227.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.rtb.mx | udp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| DE | 79.127.216.47:443 | id.rtb.mx | tcp |
| NL | 35.214.230.116:443 | ghent-gce-nl.bidswitch.net | tcp |
| NL | 185.64.189.116:443 | ow.pubmatic.com | tcp |
| GB | 216.58.212.194:443 | googleads4.g.doubleclick.net | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | 116.189.64.185.in-addr.arpa | udp |
| GB | 89.187.167.7:443 | vpaid.vidoomy.com | tcp |
| US | 8.8.8.8:53 | sonata-notifications.taptapnetworks.com | udp |
| US | 8.8.8.8:53 | a.vidoomy.com | udp |
| DE | 52.28.34.225:443 | sonata-notifications.taptapnetworks.com | tcp |
| ES | 212.36.83.245:443 | a.vidoomy.com | tcp |
| ES | 212.36.83.245:443 | a.vidoomy.com | tcp |
| US | 8.8.8.8:53 | 7.167.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.83.36.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | free.webcompanion.com | udp |
| US | 45.63.66.114:443 | free.webcompanion.com | tcp |
| US | 45.63.66.114:443 | free.webcompanion.com | tcp |
| US | 147.185.221.20:18651 | river-visible.gl.at.ply.gg | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 45.63.66.114:443 | free.webcompanion.com | tcp |
| US | 45.63.66.114:443 | free.webcompanion.com | tcp |
| US | 45.63.66.114:443 | free.webcompanion.com | tcp |
| US | 8.8.8.8:53 | 114.66.63.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | 52.177.19.104.in-addr.arpa | udp |
| US | 45.63.66.114:443 | free.webcompanion.com | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.200.10:443 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.190.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.71.125.74.in-addr.arpa | udp |
| NL | 35.214.198.101:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | d5p.de17a.com | udp |
| SE | 213.155.156.182:443 | d5p.de17a.com | tcp |
| US | 8.8.8.8:53 | cm-supply-web.gammaplatform.com | udp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| US | 35.186.193.173:443 | ipac.ctnsnet.com | tcp |
| US | 8.8.8.8:53 | core.iprom.net | udp |
| SI | 195.5.165.20:443 | core.iprom.net | tcp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| US | 8.8.8.8:53 | green.erne.co | udp |
| FR | 141.94.242.204:443 | green.erne.co | tcp |
| US | 8.8.8.8:53 | 182.156.155.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.193.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.165.5.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cm.adgrx.com | udp |
| IE | 54.217.19.5:443 | cm.adgrx.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.8.8.8:53 | pixel-eu.onaudience.com | udp |
| US | 8.8.8.8:53 | a.tribalfusion.com | udp |
| FR | 141.94.171.216:443 | pixel-eu.onaudience.com | tcp |
| US | 104.18.24.173:443 | a.tribalfusion.com | tcp |
| US | 8.8.8.8:53 | ps.eyeota.net | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| DE | 3.122.214.165:443 | ps.eyeota.net | tcp |
| US | 8.8.8.8:53 | s.tribalfusion.com | udp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 8.8.8.8:53 | sync.targeting.unrulymedia.com | udp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | 204.242.94.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.19.217.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.171.94.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.24.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.214.122.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | privacyportal-eu.onetrust.com | udp |
| US | 104.18.32.137:443 | privacyportal-eu.onetrust.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 216.58.204.67:443 | id.google.com | udp |
| US | 104.21.87.138:443 | en.taiwebs.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | tcp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | udp |
| US | 188.114.96.2:443 | taiwebs.com | udp |
| US | 104.21.87.138:443 | en.taiwebs.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | services.vlitag.com | udp |
| US | 172.67.21.227:445 | services.vlitag.com | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | udp |
| GB | 142.250.179.226:443 | adx.g.doubleclick.net | udp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 104.22.59.199:445 | services.vlitag.com | tcp |
| US | 104.22.58.199:445 | services.vlitag.com | tcp |
| US | 172.67.21.227:139 | services.vlitag.com | tcp |
| US | 104.21.75.28:443 | br0wsers.com | udp |
| US | 172.67.155.52:443 | img.softwaresblue.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| GB | 142.250.179.226:443 | adx.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.179.226:443 | adx.g.doubleclick.net | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
Files
\??\pipe\crashpad_3616_RWKMMPLOGFPGDNKK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 22f766927df8106abe4cbfbbb3dad9a9 |
| SHA1 | 8fbea63a5b8711a96cac89865cd7dbac7b7ebd5c |
| SHA256 | 8ca020d022304a022b467b7906b599e21ae349a9353f2c465ab1042fed634d60 |
| SHA512 | 413d3af0d2a475f464170ea54a9530ca75d16d00b78d5be50b01a1dc4062a7b7ca8c9ea210da7187b8c210ab67e32e3e3ed48f07100fe91b0bc8f6f686129a1c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 316676234c93b29e5fc30dbf44cf1cab |
| SHA1 | 2373d2e24a2ab881d56e52227d99316d9d435b94 |
| SHA256 | 6736c7c9daa689507fd36e2c6d92fa2e75cfdbea0f2c4738c646a998d2093598 |
| SHA512 | f3f26df532e932b38142097616ee81425cfe4e6b6739bc59707f5a879508f0e1c6d0d5420664507ab460074327983878b5b12614f0cae0d3546b126e5bb9f268 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d0d602eaeecbe90b35d7f53b0d692303 |
| SHA1 | 9ce27388d1720ef372e261dd1f6e801c826aaa95 |
| SHA256 | 35c39cd5dc4878201a75510ea391d18ae2c4ee9b2cb34b33c90e9554f47cf4ba |
| SHA512 | 916c9caaacccf8e65d1187a3e1ca132abe162cd9c406f39fd7976b03b6c083ad3dacd4cfecfbb1721f37543b283970dba47088a4c21cfd6fe99bfcf6e6fa6373 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 3904cece7ecc561b5c436743b410caae |
| SHA1 | aacbca00d946004805b034ec619e88c0337578a7 |
| SHA256 | 49b90b6147a88e47c63df999b4f636b31f2aa91286cfa5c544e120437b554ee5 |
| SHA512 | 8b953d092370d9b5cc5f14e34e4ec52094b5b38d05c5dcf1d7b7a9e096e2c2663fc2cdb66c4b870ac711cac247113a5f21bcadf6b5abe0e740b092fb7ab920de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 73a88602c7ce25bcefc3c87e22097b5a |
| SHA1 | a8ed11477774956f52a1b977d5f0177b8f79847a |
| SHA256 | bbc7b7898fc4f3c7fa412533d23375f52c5f9d13a6000cfc94cc09b3f9cd7af0 |
| SHA512 | c843be9c0a43298e07a0efff8d19bb8f29e6e5116d32179070633ab054003ffc624c5fa1fa56ab8846d1089ffac38f8115fc197d8ea56c66f29c7b5275491b7b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d3b224f86c1134a752b367d1e6f5a6d4 |
| SHA1 | 338c50c64f5fb954b23a7a3848592fc949be8753 |
| SHA256 | 0f9bb4c8608fd0cc16c0ee726582ac8b9c19ad7dde042ffeacf178882ea72ef6 |
| SHA512 | 8b195b90e11517440c59546a27b8044da239a25b0b7978e22191f83b611028b9807237e89a3953787307a25952a4e6edf5f4688c7f6092298aae00647adf6da8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 55169f95ebd40c48f57c3f6c076b914e |
| SHA1 | 5579e7f02d2306bb93ad44643423451f3d01349c |
| SHA256 | ea2f1054dee7881960e124e715d425df2c9027cefe448e67a711de2fe62ede1f |
| SHA512 | c5d49e2fe43e2299b5bea6857af08f2ff5336996b4b488baa08aa2f6a8986cdff011900ac32a45ad84e97c6a9a392df3db0b1891072b6e4a3f2e8ef7f2645efa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e03b9322900c22f371c3ee7025ff1bf7 |
| SHA1 | cfcd8b79495ba5a9c5eb46ea970ada4930706c7d |
| SHA256 | 95e9a440030a452e8bac8062a318be4fe726a78bacfa4ab4dd478b7e7095f673 |
| SHA512 | 170271bc126f08b085bb3062395ed00d52c22cbeac53cdb210818477ccc24c8790ad179817321454cd5843926e9b2934b2ddaaca6b6120109f91d0cee09cfdaa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 65bd542def6cced64edff778657b4a26 |
| SHA1 | 1fcdd7952a10856c47369cc268ba63faf4339308 |
| SHA256 | 728712aca2aa18678a7942f60c513c0cc492165be6eb3b2c8e8fe745f1408be1 |
| SHA512 | 6b9b2cfdc7afb11149fd2e129b5ac30eaa36e5f97c015ac913bbe63ec6612fa5b512152da44043be00aa0c78693300dc7e8fd04aed4b93fb0a568008509fd955 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_download.oxy.st_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_oxy.st_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e35ce773a70247c977b06fab8cc9175c |
| SHA1 | fde646be9f440df780859b4e0aa1b54dc76799c8 |
| SHA256 | 87d818a2ca1aee176564487a5814316ca21f701889bc77bcd5e53832f38934ad |
| SHA512 | 9011e1d0f8187fba6eee8a12632de49de216af96a993874197863aedd4e795d62f92317c12325984e6542cd96700ae207fecff764c9005c65221b8d01324c216 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ec050e68a8e3deb88b71e1c5dc354f9d |
| SHA1 | 416a2017a14cc0f516a5c39915b0391104acec26 |
| SHA256 | 0ebf4b217b0eaa0427704d209258cd2c69728ae4ee8f3fcc2b4ae082abbf1c26 |
| SHA512 | cfdcdc78208cc979929ea9f558d4d43345daf40ab2fdfc1748e70491d4b333130cb3ebe88d2e4cd2a097875b7260a91f18b000b8f9c22943cb567600577d7802 |
C:\Users\Admin\Downloads\Unconfirmed 950543.crdownload
| MD5 | 9a53b8febfa6fe55e47a560da3a52e50 |
| SHA1 | 94fc3086a06970d688c6a28c41788b4f6660b5fd |
| SHA256 | d919a0e0808f7033cec5f5489c735650ec41034823fe5f8b380f21b195303518 |
| SHA512 | a90eabc2d2edb636b8cc3557344bb5721a83406b388ff112502ebc6ddd43d98b507f894141098120c632aaa4f55cc1b9c97fab463d415b3593887f4584100cd6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9548279ed95c13dd03213a1a87137abd |
| SHA1 | 3c866fea989e4dca86c9375c140305fd704af8de |
| SHA256 | 30da20bcb4538c67ec823d21b7317ebcb303d7c409a557d7daf68d245a6b3652 |
| SHA512 | d38d57543a2328447717910b6df977bfe941afb90172903adccf5febcdaa1514aa38c5135ff8a2b6a01a7053f87b3ae0464435f6bac585dcef05c9f1f4db7d11 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a3124bd673b8a32c979dd2a6e63a7621 |
| SHA1 | 46232fa53c3beb6e6c3c0c0884364277a018f718 |
| SHA256 | 79df66406f65892ba3e8699bb78eccc195b3a6197ced62b4a8e9545b5c7eccde |
| SHA512 | 8480d18b50b24f820ce49321f3721709949fb0d390ef191cbe87d48eae00681e17f5765d7d75ee29ad4f675da748f3bac726b1296efd0be0bb2b9479bb162d0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e50dc1a0607f5e02455403a7a5d933ff |
| SHA1 | ccebdaa7a574541bc76e41613f7651cdd253af0b |
| SHA256 | 7f7709578330ba825094b8435c7788a4318e7b7040df88f42ec602ed10cf9c3f |
| SHA512 | 9039636cb112b5e27199d881c323243c188b412f319ea088b7e417944cb85b47cfd67f5e6424341ed49bdc63eb61572f39ffda96c1369181be4da610d2c5c9f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f1bc2a43b317b83c2880917a4a4dafe3 |
| SHA1 | d68e35b410846c29852d54eb1e07adaa5a5e61b5 |
| SHA256 | 9445f9ffc96c96e1edb034a7d96be4249ee67f6187de02c82ef16c070b083469 |
| SHA512 | 4310e9c17d16f2cc6c21eef96a420868e9501b3e42491eac3f177fe5e3e099dd19f507403ac488da989aeb8449da6faf2a5f489f0cbc290ae8b0ef77431d99f8 |
C:\Users\Admin\Downloads\Rnq\svhost.exe
| MD5 | 478ab7081d3c260dbdc76e5c9ff6fa03 |
| SHA1 | b8b9235ca3a9f5912139be095b9e1e455f9080a1 |
| SHA256 | 886759a396b301a72e1cdf9eb0db9c4e884ea10f30b54dfc1ba2841f455156c1 |
| SHA512 | dcf49c0f339dba86cf18e4276cb471be1afdf3db253a4013df28d8ae9c557f3080e4a6c980a306ad86bbe09521281f0a651102f2dd017cd193803430ff5bc586 |
C:\Users\Admin\Downloads\Rnq\hid.bat
| MD5 | 604560862301f2b4c8b3f8e028d38225 |
| SHA1 | aa6f403f5810bcb7343bf405a99e6873b5d41872 |
| SHA256 | eea2b135206044c2c3497b606d842ae457907bd5602e037cedec8ec2ecc758db |
| SHA512 | b3d494aae0ee7ba5976f2b4bf1b576dfc2bf8d0528466314183949de8e998fb27f65e2cb2c3cc0ca752bd41d238d3df7573d2c60ada806e4db2a78978e10c771 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magiskhid.exe
| MD5 | e6293458c2247ce2c122a36b00981309 |
| SHA1 | 45f9dbbad3e497295d635593f2efbe416d68bd2a |
| SHA256 | 7ebc5228681441951fdecb37fbbeb6a9a060d22976220879e611c7a326dba9c5 |
| SHA512 | a28fa4445eb1247332fa950d2f20a35f5ab4e881a99a47de5ca4ec023ad402f53aa26c733f0ebd7d46eff13883ef84a2ca8e1ad1c2a05b495115bb46c02b1d90 |
memory/2508-439-0x0000000000AA0000-0x0000000000B46000-memory.dmp
memory/3056-441-0x0000000000400000-0x00000000004AA000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 919d25203250415d33d2ed0e0af8e041 |
| SHA1 | cb68a844246b3b715f6eebd4cbb8c7064b2de0b9 |
| SHA256 | c2fa87ca225a4373ffa110c6e789dba16b59307f22e12e46734a0982bfc7b4c1 |
| SHA512 | 154d6446e61ee9dd2df1399286bce40b5cc372d10066419c2de7b8763d62a0acec5f5f149771875a0541d583a717af8af84771644849cff3ef3c14fe953fc226 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5958f4.TMP
| MD5 | 1b6998dce81c675953e0bc8abc218745 |
| SHA1 | 89d07dceba48fdf13a1d369b7a4a09b5e94629b6 |
| SHA256 | deb599d211b101dd17a220270fd24c0ad2d9eb737b03a240244a3474476965cb |
| SHA512 | 250da5dcaf7a6493ca9dc1fa7e731cc39df4d6c706338310cd8c4e879da760cf5c3aea6cc399a838dc17eca94243db8962343840de85c760212f00227d7efc01 |
C:\Users\Admin\AppData\Local\Temp\hide.txt
| MD5 | c11cc052260b7d37cd04c34d417e92ee |
| SHA1 | baa794ec18692bd4793c944348310417e3376ec5 |
| SHA256 | 3b00bc9d6653107e344b22d5ce43d708b0d850295a3c12ccaa0ecc5c0217accd |
| SHA512 | 30de2ba2c15d7e03b6c88c88ac54f2521c07c2b25cf8375448c21840361fb6eafd02e9922bc5a424e1d7cb1a60a4a07221a5d6c4bca5f331f1b05f9d51de0db0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8828bbb307f0d1afd91ca67a3a104b2d |
| SHA1 | 9a722caf19b8cbc977486466984514a423be93ea |
| SHA256 | 2dbea321deee90273d95e56f6d828072d0e48772b406f79e144e9d91b4eda8db |
| SHA512 | 6925fdf943a4a672823206a984a0d375fd9509c7e1f4bb3bea66386e70442c85ac656a6ca6c61f91ceb15981e281d115600bf3933339fc366494ed5948ccfff3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0e076e93210152d3831c298c5c76baf1 |
| SHA1 | 2477fff788a82ef63b615bb895554b898118e639 |
| SHA256 | a307e195715056dd1113ae0b6c33c566202161dd7fc6dabd369319c69c415daa |
| SHA512 | bdb3b9f30c95c2a9087e75527ec0fa40c6f608c9e490bae713733adc84d21fa9fb28417818ed42d7035737bc14e74347aea3ff5a2a3a34bd72d1a7f4508408eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a8c4da0f03567f28ec3b8f5ea2fbdafb |
| SHA1 | d98c1deab75af4239c3420c7453c8b98bf3b230a |
| SHA256 | 8d2bd1e8a84ae1c33d4304296736e9a7af48775d3d698bb03550174e5949a244 |
| SHA512 | 5d44fcf5038418e053cf881dbc1e95e9b5ac5172093678a0636e61e05084e1c9445bfab58f3e40fa3611a2430ce63164db3fdb8bbc3a8be69c7f209a2c6018bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | efd2582ad2a2830187b45f3db0abcd04 |
| SHA1 | b1ea0a5974bfe583f170ae039a02036d7abd2ca0 |
| SHA256 | eaf1ee79dfbdab65bf32f0380d980d88f77eeb163287317d0bdd16d20c2d4ba7 |
| SHA512 | 62decbbc0de0636c19d3f316c9aac2348021a26b01cb56dbf60796e1358db6e7d0a3d0cda4547df20d12692cf5ea31d1896fbaef4815795249660b2f2e9e7df5 |
C:\Windows\xdwd.dll
| MD5 | 16e5a492c9c6ae34c59683be9c51fa31 |
| SHA1 | 97031b41f5c56f371c28ae0d62a2df7d585adaba |
| SHA256 | 35c8d022e1d917f1aabdceae98097ccc072161b302f84c768ca63e4b32ac2b66 |
| SHA512 | 20fd369172ef5e3e2fde388666b42e8fe5f0c2bfa338c0345f45e98af6561a249ba3ecc48c3f16efcc73f02ecb67b3ddb1e2e8f0e77d18fa00ac34e6379e50b6 |
memory/2508-686-0x000000001C430000-0x000000001C4A6000-memory.dmp
memory/2508-687-0x0000000002E90000-0x0000000002E9C000-memory.dmp
memory/2508-688-0x0000000002ED0000-0x0000000002EEE000-memory.dmp
memory/2508-716-0x000000001D3E0000-0x000000001D526000-memory.dmp
C:\Users\Admin\Desktop\ewar.bat
| MD5 | 5d9d5e81f54d00a65d174fcefeb8cf28 |
| SHA1 | 99a9176438ea7289cfcbc3a3cd52641a8651016d |
| SHA256 | 67c2bd43b07a7ef117b3b1aa1bb43ebbe1e0a4303e491106e63ef0eaf88377f6 |
| SHA512 | ae29ec95a0e35cf2b717557c9596d6f31a243179b83e87427fdb8bc4c55693e486acc23a2cfb0e3fdb57c7925aefed4d1a98e64c04986689ce45a134d7268786 |
memory/2508-1019-0x0000000001280000-0x000000000128A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp4A0A.tmp.jpg
| MD5 | 6a0665b50831e888400e85e918aa663e |
| SHA1 | 00c7a24a96b5d2ba038b90df2f1438bc156f7b5d |
| SHA256 | cd7a221c88abc1dc0e2b04107e590f7bcb2d98e2677c3a1ab5d269a15ef2885c |
| SHA512 | 8be41122fcfca618713975e87799a38c4358d3b7da606d490675d9a248fcd34989a4cb981f2749e7e32090915b372754bd2e195b32ed344e82070ba3bc18599e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | efdf336c3d3a1adb92b2ad84b9e0ddf8 |
| SHA1 | d12684bf46d8efdc7fe65d72974a64f8cfc83aae |
| SHA256 | a3b64fe67ea4be6fd1cad4f43ab347f08f3c05afd11552101ddc5f80fd3e31cc |
| SHA512 | d47956132f95e0f8c31b0d8e8b23a7748b4fd39b6acf746e65600499bb6dac8bf3ba64843a090e41066de86eadd02aeb9c1ebd3ab9cdee4bd9d7867febbb696e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 648f8a8ecc6901ea131b19bda4dbea64 |
| SHA1 | ca13aa8a169e35ba8c940cfaa065a32e5040bcf8 |
| SHA256 | fe438ae9d73f68fbeb217d7abb0369b7a9841162eab3001b17ab44f70312d84e |
| SHA512 | 47abb88b71f630a8ad1a3b363b48553fc418e382d4a7340b42879faec1328261199d99571b446bf25b23304a950068a8acef5899b5bf9d16adbf3d6930ea289a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 43481393be17296f44dfcf8e85d83252 |
| SHA1 | 486fbaae5fd2f0f97217a73802a07e589ee696c8 |
| SHA256 | 5b9a4b0271450435dbf0e01f431e5e25148170b34ad80784a5aa97a68336d5dc |
| SHA512 | 4d3f7914eaa5123740a033c1d9516ea67cdae50d9a102f9e647435cf653d753b377b45644f6462265f91c352cba9d74655fe02005b4f16758a0bcc39fc381227 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 851649db86d2cfac3602a75a0497e092 |
| SHA1 | 242a0ad92e2728da190abccbf220440484b49c6c |
| SHA256 | f37b4759a7d40342b3671ab6d67abeebdfef663e287a48e7ed5d33d96e36acf8 |
| SHA512 | e4a68ec5ce203efb77138b3e8a2fcdd0a29553d5680e0d783b54d1de0e4452b00b8d47021e8341a10a861681a0eb89821e2d9b8c3b4a02f9bd781225f8b055f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 91e11d5cb216f0f6cdf9a7652170f5b7 |
| SHA1 | b6d3b26b051fd252b22298e4333b15ddd0568bac |
| SHA256 | 41a29c7920445af1e724269709e17b03ac8fdaaeef42c4e3133b7fba6f3a3308 |
| SHA512 | 68518a6f773479bca0d2c7fcb06acc1cbbc078e01cc61bce4070983c634bbec6b4de994db6c483b1a3b4535be85208fb7196e56ec784472847498dc519a2d8d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9a3ebfc89c8bb523_0
| MD5 | 5238af03956c284beb59f560a86bb670 |
| SHA1 | 220fe2fa04ad80d53acd0257f7e75b60a5823eaa |
| SHA256 | 6da5264c6dca750eb3d318ce2679aa1c771efa2d4b97044930137882d11186fa |
| SHA512 | c3fe420424cd0fe1d2cc8f40dfc3b7abd4911ee0f744540b2fbc3540cef9530f177e730231bd5ccced565b241627b00af17be1eceefd87e36491abd7a6258ea0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cf122def58e2f2d42b3e3956e83dab6c |
| SHA1 | fd7202bd40ba3b2ffd9f00b6182f15dd3d415320 |
| SHA256 | 068e3d34fed50e9e7e314ac60a4fdfcc69d587a526c2b398ab8143196482e870 |
| SHA512 | e287d95380262e1bbeacbb1c74733cfef33b035dc7c84d49c7c51aca7abf9e129a010ab13155c39b1ce9e21fd0ffc839ee277c699d17e7e0fde4fda871342dd6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 81354eb603464279bc858defb0c61717 |
| SHA1 | 39be98c88c391e904d537f53a592607b2a505bf4 |
| SHA256 | 319447e5707a09bacc2373229bda4b58481ecde55bf4023c3a401e32a95c94f1 |
| SHA512 | 63cd403e023368c378e93c72f0fa0f16ee9c6ddcae2af8f7beb2279e4b369ec4dcfd53c850b1d34146b543eacfa4710c0a98dfa06de93e9ae270905b9d6aaff2 |
memory/2508-1767-0x00000000012E0000-0x0000000001362000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1bc851f58db509e8272c3a33dad8d73f |
| SHA1 | 7ff1ccbf04eb1d7854ec5d705edcbbbf472093ee |
| SHA256 | 520da9dfbfa305f9258990d8d40c9d153208daf98ac5d224bffaa0dac4459689 |
| SHA512 | 0eb80f721c50552f52f2cc6fca828aec23682f2e5c9166749f8afaf3cabd5d9a545eb347c7525ad5f0ec342ba0b8eb60082766c3a6fb135ec2b7c448202e53a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 252fb7c15e4436022970144370b551a6 |
| SHA1 | e1135cd707a4aca0167bdbc2a51343a6ed69a6b5 |
| SHA256 | f6a30748fd8310dda82bb744ec45a8595261e1874bb09832b175786886e63c3a |
| SHA512 | c712c2ee68064969a9ef30c0a970caa888d7a226809247a2d316090709df408b09420d3ebb49d0334e48d4b21cae301a959c8072b432f58854b3d5d3baa28069 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c34ebe36365ebba331a0e2636af62c32 |
| SHA1 | 9528631ba8a57465f0ba483367df74adca1afe15 |
| SHA256 | 9f313a8833ddc880ec864be0df024530611520b1068191633eab520a1390f473 |
| SHA512 | 149d5a15742dd65a9cb5a480deb03245ce02272db732e957eb63e5ef059db0c6b52ecf4c524189b7b6fb1c3952c818685856628aae71cb381f1788caeb07cdfc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f
| MD5 | 6fb26b39d8dcf2f09ef8aebb8a5ffe23 |
| SHA1 | 578cac24c947a6d24bc05a6aa305756dd70e9ac3 |
| SHA256 | 774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059 |
| SHA512 | c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000074
| MD5 | e9d809a1d7fd30047317fbd43fae61e9 |
| SHA1 | f787ab2f19856948bd9ea7aae25f45b2a8d08d8e |
| SHA256 | 0ba8c1a3ea7999dc49680abfe030219c514214972d20197ccf7def509471b72d |
| SHA512 | e91109af437dfb88f8f97df5795a25e4efaf1a2fcf9ffff8410f19a815bcf80f62e21fe9d5de7e5b6df5e983eef8393c806e5df48353547a02b81c0780fefc50 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000083
| MD5 | e78f9f9e3c27e7c593b4355a84d7f65a |
| SHA1 | 562ce4ba516712d05ed293f34385d18f7138c904 |
| SHA256 | 75488ac5677083f252c43009f026c2ec023ac4da3e65c5d7a084742e32abce3d |
| SHA512 | 05f9fbbd59c286024b3ad49961c4e0eaa1abcf36ed29a1d07ea73d2b057075d46fbfdda56f135145f942bd0c3d48246c73be1771c21861eec4ddf8bbc365a286 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fc3a67aacd684e4e53518025194a7d4c |
| SHA1 | f01e85e3b05396887bdb003c27b7ec68d40ab3b7 |
| SHA256 | 63417ee2cb5dc70be7d5c0160997a5d2a3aa0fe490216de161fb0fccf81682f3 |
| SHA512 | d1618438995f1dadd10aa8b44edb71dd582122125bd099502f974ca03d8d32bf2222317029e97a0fc3ed45699efd59f8c43e0bdcbfcffdddd03f19db624a7427 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d934f0c02e4b6ef7b69879ff09e7d3cf |
| SHA1 | db55c103e339604e544478c232987cebbc4e3a14 |
| SHA256 | d4351756637ebca1d356c889100442fb0ab1f08807a914b8e1b60aaf03810694 |
| SHA512 | a422f5e4d7769f958f3ae0cb0c34764536ec7ed9e8c4b7e25700cf67f381391886c8530e4f553a3061c8392522c6ab171dbe9cc62e60078f7dcbc11d8eff12fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 73b649906ac6ccdd32d697e2d7ef01cb |
| SHA1 | a714b031faa3b108bca5b79aae4ad2511f57d2f6 |
| SHA256 | 3db3e43e8fb68b8b45bb1d2b0bc12d1c82f71d3b9571cd5ff4b8825fd063765c |
| SHA512 | cbed93ad6daaceaf728037a8b6e46bed45a93e672f956ac31b1ad4db91191ca4dcc438d267871e06ca2a6bfd2cb23dc69d9e02623841fae1a2dd6a8bdfa9947d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8b80fea165ec5a894489e40cadab6f57 |
| SHA1 | 74b38280c7b21f222b0e417d62f97da6ec41999e |
| SHA256 | d3441d75cb7058d3a3eed98009128a5615c0d81add3ec8346f79b29f977727ff |
| SHA512 | a20d76ba3219850e9f1e2f68b8e45547cdf43c3bbc586a5aee5afb3845cedf4cf1c86992cfe7d0b0f8e63af977d6a2dcab6309b0092dbe90c8f4a5f80a1141d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3a38af4cd9945759ec57d13b40c5e651 |
| SHA1 | 7982705042b0bdc24ef833ea89c2288dbba9b51a |
| SHA256 | 83c600e235bc6aba7fb97c45223f3850f75f0bf958ce0ee3c05ab2c42eff14fd |
| SHA512 | 0c4886a35eb9af9179816e01a19c5acf0f86dd92dcb09b5039d874bc496f9e931b9d96c47d76b8e489a144beb6a6aea83894e944d35effd9efe4259a08b3320d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 48c87812dca881c8aebe9f4053e1df8d |
| SHA1 | 56bf5ede143eac6a5d01399e29d667b6d3b30b98 |
| SHA256 | 51ea2bf4ca533996982bd421cc6f76459bd24ba52259c073fcc9bee5bc3d78cd |
| SHA512 | af6cbe5d759f26eb0565c428dc98dcf16432089a188f905712f065a7d97df8a1ccc911a7bc63a9c121be6170be4db20358822436c17e660107ef059d99f75397 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c0d0d117dd40a5122a92fd76b994d958 |
| SHA1 | 263b51a4593254a0d3639d12669c5697c19c6d32 |
| SHA256 | a02239ebbc0029f9d3c08aadf4107f4e96479493885b369e95800d534073aad1 |
| SHA512 | f1a10a5b5a1846fae394d7be4a9b13545615096454e19b30dd449ab0216438fb377cf871e7375ab8d582992bf1a5dc9748b06f76c068fd1586bfcf8db410b268 |
memory/6400-2763-0x0000000000400000-0x0000000000454000-memory.dmp
memory/7144-2772-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4476-2791-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1508-2818-0x0000000000400000-0x0000000000454000-memory.dmp
memory/5008-2846-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2888-2874-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a77c350e-edea-436f-b63d-1929fb5e25a0.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
memory/7144-2991-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1508-3053-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 90b395c7a786ae4964d4707793ec163f |
| SHA1 | 0b17fd853e3e77da1f25fd2e1a55cb18c6f38b0b |
| SHA256 | 4159426162eac0a1da4b86769ac956117d766ba3d54d9366af5de8139d56edb7 |
| SHA512 | 27eab09c93d6bbd86aca0a5bf08ddf01d98e539759bcfe288ebb6130f047938b0b18a5b833cb5b629beff05de1e90db2928bb3218196fcb5d687fb70dec87d69 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3a9cd37d0c47db4b213166caaa34aa14 |
| SHA1 | 1d7480b9eb69bd48c355772b0a15db964b0c4370 |
| SHA256 | 79887176d9d887150a62172e3c3aea565b6e53cf8f85710afd1c9d1cd944dbbf |
| SHA512 | fb14f80a45a55909505982571c054d6e9838fa628cc832688acaf0d27a59f0e3ba8c4cf11665f8262cd83f6bc9f4f261e702b4195725868566d28df677889f19 |
C:\Users\Admin\Downloads\download-mini-kms-activator-ultimate-3623 (1).html
| MD5 | e07f561fea46e235ab65c0747bcc8820 |
| SHA1 | f59e408c6bd591c150002133a40fce09a7196a84 |
| SHA256 | 7c345d4f6f90f8ac48bfc07cb91015a8cfc5f882f2b98a8116a2b0d79ba3df8d |
| SHA512 | 7282baf21fc51af2db0eafa722984787b61cb28967a29c757ccc68f4e9e88ab3595777556524b25f7f790ed08048c25a307f14c9b304c674e0be578d4206726e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b252335851711b1ab4829bbcfa5de422 |
| SHA1 | 79f689e078dbef2a33e752bd2450c1983eb24cdd |
| SHA256 | 9aac0f9174dd0c2d4cc369fdfac0850058e94917302618b31814303dd7f22616 |
| SHA512 | c66e9c21a0d3adf8a4fcf66a2a25a954f8a6fc3e21f5cd0ff64a8e617e9afcca5e14d293c2cc2bcaaf14b9d8019e0f4a26f8cc5a5dd364a6f822eedbcbbdf6db |
memory/2888-3268-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4476-3269-0x0000000000400000-0x0000000000454000-memory.dmp
memory/6400-3296-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1508-3297-0x0000000000400000-0x0000000000454000-memory.dmp
memory/5008-3298-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3839c4b7f9e660add44a58ca711639eb |
| SHA1 | 98c1e9c76550a5f028be355792fcdd739834eae5 |
| SHA256 | b6b6268b480d890003c8f6a561001bfea792d2db2ed556ed6b33407007fc960a |
| SHA512 | 66bac4c3e0eb6e665f8ced5acb0b7c7a39fad84aa55733100dab7cde7063857f3ae753b2ac508d351a9ad8b6be3b1e74611e7db7e6a60e261409497864ba7ede |
memory/5008-3397-0x0000000000400000-0x0000000000454000-memory.dmp
memory/7144-3414-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000aa
| MD5 | 208962e0f3533d703b9b2ce12e8bd1fc |
| SHA1 | 3c1f06656568ae121e084128e6d64a8577bda3d1 |
| SHA256 | ae7f8271daa1fde4c317b641e1e26576b340208384bd0cf2f262ec266b8de20b |
| SHA512 | d2aca232d2205700f9689cda1bd0710381ce82e1259975cd7784bc120602465fedc5d8fc9aa369cf1001caf3835499830dd68aa3b2515f85ea434dac1be92b6d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ae
| MD5 | 4b5a84aaf1c9485e060c503a0ff8cadb |
| SHA1 | 574ea2698c03ae9477db2ea3baf460ee32f1a7ea |
| SHA256 | 3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019 |
| SHA512 | 05196036c41398616c077925fc4bf252e81f11b6ebef8745047d75cb2c8b80441b8c3593f4d5b2617089e9f3d8d957f9edcdf8e43993661a277be8f4b6a32111 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000af
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
memory/6400-3521-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2888-3541-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\Downloads\mini-kms-activator-ultimate-3623-10088.html
| MD5 | 7677529a05f8f6759c4a20627e88c314 |
| SHA1 | 1f6d3d1c213d6a3ab05ac598bf6ff2945b2df260 |
| SHA256 | 7ceb4d66f0acfc6408c12147d16a3cd1ed9abd986b98990fda43ddaa14a53807 |
| SHA512 | 0ee9ed64cdf774b19759c75e82bef185b2e6ff7de02720b004918fbcf6d537d0a73c1c830b46ea1ca6efd57ec2c1897167f952d5c6a87f8fdc387dc40dc841e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7515da7d7ebb5eead7c91ca5fd8a89fb |
| SHA1 | 198dd04e12582a6007a98efc2d3ba28a18aca7fc |
| SHA256 | 1a0f9dc3b7053792aa32ac0b6e85a25654c80ff8d7eb0fbcd34b57a319adb28d |
| SHA512 | 5baac9f8381f0e1dc2d011fefdc83b0b08a351ae132b6572b2c70bae26663a7d374fad6437930c568d4d00e8bd29bb5be957cfede42b239aa25c2d58192d7eec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b5cea9f0035d8bcfe3fc527874686971 |
| SHA1 | ebe573fd1c538791b51f72f3a2256f804143490c |
| SHA256 | c62de0cf0893740123bd871710c5dd8a7222a36af6ff3df80fbf82a5bf927615 |
| SHA512 | b9781c0adfb7158189cb5d5ded475296364d83379e8427ba94b75e085424af178943c2f1c6ab60deb31268b131c2680b4adbd0c08ab608d9ce4a473fbacab842 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e2e72feb3f28140a6bc37ff181dfcf83 |
| SHA1 | f0fad28f1756741e204cbebe1437e63a25751603 |
| SHA256 | ee00242afe78b4e4cbc10e14a08558649cd4619283abd8a94974c2d0b0f13dde |
| SHA512 | 2d2befb4e67d16532b20cc3a5f3810a7f39a6a86f914db55dc6eca077b2c6b8e85464f4184b4dd308e69ea6c1e0c419f0d8134ddc737ad1a3555f2af9d68f8ff |
memory/6400-3658-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 9454ebc66e2405b4fed8284940d8d9a8 |
| SHA1 | aaabeabd95e9087f0896292d3e11d3d1052895b0 |
| SHA256 | 3b651bec5a9f7c25c2012b0fb64c7d33e589710a6f58828f0284db1a2df83b23 |
| SHA512 | abd8675e3ca4841948a5f949880dc4cd544f8e6ecba48e5c3545fac547616fe004e5e32f469b127b53dcbd62139c38d79086631bb327c38bd8a0613f17ef268d |
memory/5008-3758-0x0000000000400000-0x0000000000454000-memory.dmp
memory/7144-3785-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4476-3813-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1508-3814-0x0000000000400000-0x0000000000454000-memory.dmp
memory/6400-3841-0x0000000000400000-0x0000000000454000-memory.dmp
memory/7144-3869-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4476-3897-0x0000000000400000-0x0000000000454000-memory.dmp