***********************************************

* _ _ _ _ *
* / \ / \ / \ / \ *
* ( M | E | T | A ) *
* \_/ \_/ \_/ \_/ *
* *
* Telegram: https://t.me/metastealer_bot *
***********************************************

ID: 3688, Name: csrss.exe, CommandLine:

===============
ID: 4272, Name: winlogon.exe, CommandLine: C:\Windows\System32\WinLogon.exe -
SpecialSession
===============
ID: 4724, Name: dwm.exe, CommandLine: -hiberboot
===============
ID: 9392, Name: nvxdsync.exe, CommandLine: "C:\Program Files\NVIDIA Corporation\
Display\nvxdsync.exe"
===============
ID: 984, Name: nvvsvc.exe, CommandLine: C:\Windows\system32\nvvsvc.exe -session
===============
ID: 6412, Name: NS.exe, CommandLine: "C:\Program Files (x86)\Norton Security\
Engine\22.5.0.124\NS.exe" /c /a /s UserSession2
===============
ID: 5528, Name: taskhostex.exe, CommandLine: taskhostex.exe
===============
ID: 2052, Name: BoostSpeed.exe, CommandLine: "C:\Program Files (x86)\Auslogics\
Auslogics BoostSpeed\BoostSpeed.exe" -UseTray
===============
ID: 6908, Name: RtkNGUI64.exe, CommandLine: "C:\Program Files\Realtek\Audio\HDA\
RtkNGUI64.exe" -s
===============
ID: 9528, Name: eguiProxy.exe, CommandLine: "C:\Program Files\ESET\ESET Security\
eguiproxy.exe" /hide
===============
ID: 4368, Name: EPPCCMON.EXE, CommandLine: "C:\Program Files (x86)\EPSON Software\
Epson Printer Connection Checker\EPPCCMON.EXE"
===============
ID: 5840, Name: XperiaCompanionAgent.exe, CommandLine: "C:\Program Files (x86)\
Sony\Xperia Companion\XperiaCompanionAgent.exe"
===============
ID: 9584, Name: splwow64.exe, CommandLine: C:\Windows\splwow64.exe 8192
===============
ID: 9776, Name: E_YATIYXE.EXE, CommandLine: "C:\Windows\System32\spool\drivers\
x64\3\E_YATIYXE.EXE" /EPT "EPLTarget\P0000000000000001" /M "L3210 Series"
===============
ID: 9972, Name: PowerDVD12DMREngine.exe, CommandLine: "C:\Program Files (x86)\
CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe"
===============
ID: 5036, Name: PowerDVD12Agent.exe, CommandLine: "C:\Program Files (x86)\
CyberLink\PowerDVD12\PowerDVD12Agent.exe"
===============
ID: 3952, Name: MSIRegister.exe, CommandLine: "C:\MSI\MSIRegister\MSIRegister.exe"
===============
ID: 3172, Name: Super Charger.exe, CommandLine: "C:\Program Files (x86)\MSI\Super
Charger\Super Charger.exe"
===============
ID: 9836, Name: winampa.exe, CommandLine: "C:\Program Files (x86)\Winamp\
winampa.exe"
===============
ID: 6252, Name: FUFAXRCV.exe, CommandLine: "C:\Program Files (x86)\EPSON Software\
FAX Utility\FUFAXRCV.exe"
===============
ID: 6992, Name: EEventManager.exe, CommandLine: "C:\Program Files (x86)\EPSON
Software\Event Manager\EEventManager.exe"
===============
ID: 3052, Name: realsched.exe, CommandLine: "C:\Program Files (x86)\Real\
RealPlayer\Update\realsched.exe" -osboot
===============
ID: 6916, Name: rpsystray.exe, CommandLine: "C:\Program Files (x86)\Real\
RealPlayer\RPDS\Bin\rpsystray.exe"
===============
ID: 4564, Name: rpbgdownloader.exe, CommandLine: "C:\program files (x86)\real\
realplayer\RPBGDownloader.exe"
===============
ID: 8668, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\
Application\chrome.exe"
===============
ID: 5496, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\
Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\MCC\
AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-
annotation=ptype=crashpad-handler "--database=C:\Users\MCC\AppData\Local\Google\
Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\MCC\AppData\Local\Google\Chrome\
User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --
annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.129 --
initial-client-
data=0xa4,0xa8,0xac,0x80,0xb0,0x7ff9273f6b58,0x7ff9273f6b68,0x7ff9273f6b78
===============
ID: 9384, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\
Application\chrome.exe" --type=gpu-process --gpu-
preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAA
AAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAA
AOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-
handle=1312 --field-trial-
handle=1352,i,9396411294573025354,10866420090067150848,131072 /prefetch:2
===============
ID: 5336, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\
Application\chrome.exe" --type=utility --utility-sub-
type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --mojo-
platform-channel-handle=1560 --field-trial-
handle=1352,i,9396411294573025354,10866420090067150848,131072 /prefetch:8
===============
ID: 9564, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\
Application\chrome.exe" --type=utility --utility-sub-
type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --mojo-
platform-channel-handle=1772 --field-trial-
handle=1352,i,9396411294573025354,10866420090067150848,131072 /prefetch:8
===============
ID: 6452, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\
Application\chrome.exe" --type=renderer --extension-process --lang=es --device-
scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --
renderer-client-id=5 --time-ticks-at-unix-epoch=-1679512287393023 --launch-time-
ticks=2399506657837 --mojo-platform-channel-handle=3248 --field-trial-
handle=1352,i,9396411294573025354,10866420090067150848,131072 /prefetch:1
===============
ID: 6772, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=es --device-scale-factor=1 --num-
raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --
time-ticks-at-unix-epoch=-1679512287393023 --launch-time-ticks=2399512116209 --
mojo-platform-channel-handle=4944 --field-trial-
handle=1352,i,9396411294573025354,10866420090067150848,131072 /prefetch:1
===============
ID: 1888, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\
Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService
--lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=4300 --field-
trial-handle=1352,i,9396411294573025354,10866420090067150848,131072 /prefetch:8
===============
ID: 9096, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=es --device-scale-factor=1 --num-
raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --
time-ticks-at-unix-epoch=-1679512287393023 --launch-time-ticks=2399630753798 --
mojo-platform-channel-handle=2568 --field-trial-
handle=1352,i,9396411294573025354,10866420090067150848,131072 /prefetch:1
===============
ID: 6996, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 3528, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=es --device-scale-factor=1 --num-
raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=164 --
time-ticks-at-unix-epoch=-1679512287393023 --launch-time-ticks=2407453908845 --
mojo-platform-channel-handle=7628 --field-trial-
handle=1352,i,9396411294573025354,10866420090067150848,131072 /prefetch:1
===============
ID: 10184, Name: downloader2.exe, CommandLine: /restart
===============
ID: 940, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=es --device-scale-factor=1 --num-
raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=177 --
time-ticks-at-unix-epoch=-1679512287393023 --launch-time-ticks=2417668757176 --
mojo-platform-channel-handle=7408 --field-trial-
handle=1352,i,9396411294573025354,10866420090067150848,131072 /prefetch:1
===============
ID: 4120, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=es --device-scale-factor=1 --num-
raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=192 --
time-ticks-at-unix-epoch=-1679512287393023 --launch-time-ticks=2419838172886 --
mojo-platform-channel-handle=7636 --field-trial-
handle=1352,i,9396411294573025354,10866420090067150848,131072 /prefetch:1
===============
ID: 5672, Name: dllhost.exe, CommandLine: C:\Windows\system32\DllHost.exe
/Processid:{53362C64-A296-4F2D-A2F8-FD984D08340B}
===============
ID: 3276, Name: A1IG9BOmGGHDKSwc6nalkM7x.exe, CommandLine: "C:\Users\MCC\Pictures\
Minor Policy\A1IG9BOmGGHDKSwc6nalkM7x.exe"
===============
ID: 5776, Name: ki609499.exe, CommandLine: C:\Users\MCC\AppData\Local\Temp\
IXP000.TMP\ki609499.exe
===============
ID: 6912, Name: ki576100.exe, CommandLine: C:\Users\MCC\AppData\Local\Temp\
IXP001.TMP\ki576100.exe
===============
ID: 8900, Name: ki045267.exe, CommandLine: C:\Users\MCC\AppData\Local\Temp\
IXP002.TMP\ki045267.exe
===============
ID: 988, Name: ki038746.exe, CommandLine: C:\Users\MCC\AppData\Local\Temp\
IXP003.TMP\ki038746.exe
===============
ID: 7676, Name: bu502586.exe, CommandLine: C:\Users\MCC\AppData\Local\Temp\
IXP004.TMP\bu502586.exe
===============
ID: 10192, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=es --device-scale-factor=1 --num-
raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=206 --
time-ticks-at-unix-epoch=-1679512287393023 --launch-time-ticks=2420291456859 --
mojo-platform-channel-handle=7252 --field-trial-
handle=1352,i,9396411294573025354,10866420090067150848,131072 /prefetch:1
===============
ID: 7776, Name: li90i.exe, CommandLine: "C:\Users\MCC\AppData\Roaming\hxdQf5\
li90i.exe"
===============
ID: 1428, Name: AppLaunch.exe, CommandLine: "C:\\Windows\\Microsoft.NET\\
Framework\\v4.0.30319\\AppLaunch.exe"
===============
ID: 1400, Name: svcservice.exe, CommandLine: "C:\Users\MCC\AppData\Roaming\
telemetry\svcservice.exe"
===============
ID: 6816, Name: YfrgZHCXmzhzN9_odiPXYqB2.exe, CommandLine: "C:\Users\MCC\Pictures\
Minor Policy\YfrgZHCXmzhzN9_odiPXYqB2.exe"
===============
ID: 6284, Name: AppLaunch.exe, CommandLine: "C:\\Windows\\Microsoft.NET\\
Framework\\v4.0.30319\\AppLaunch.exe"
===============
ID: 3228, Name: Install.exe, CommandLine: .\Install.exe
===============
ID: 6488, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=es --device-scale-factor=1 --num-
raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=207 --
time-ticks-at-unix-epoch=-1679512287393023 --launch-time-ticks=2420562225579 --
mojo-platform-channel-handle=6780 --field-trial-
handle=1352,i,9396411294573025354,10866420090067150848,131072 /prefetch:1
===============
ID: 6548, Name: Install.exe, CommandLine: .\Install.exe /S /site_id "525403"
===============
ID: 10436, Name: explorer.exe, CommandLine: explorer.exe
===============
ID: 10704, Name: WerFault.exe, CommandLine: werfault.exe /h /shared Global\
3098c9e679824149a9eb8cf87f94f9a1 /t 9068 /p 8668
===============
ID: 10848, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.EXE" -WindowStyle Hidden -EncodedCommand
cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZAB
lAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
===============
ID: 11216, Name: csrss.exe, CommandLine: C:\Windows\rss\csrss.exe
===============
ID: 11508, Name: injector.exe, CommandLine: C:\Users\MCC\AppData\Local\Temp\csrss\
injector\injector.exe taskmgr.exe C:\Users\MCC\AppData\Local\Temp\csrss\injector\
NtQuerySystemInformationHook.dll
===============
ID: 11524, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 11628, Name: patch.exe, CommandLine: "C:\Users\MCC\AppData\Local\Temp\csrss\
patch.exe"
===============
ID: 11752, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4