Analysis Overview
SHA256
8a8762536fbbd093b02ed8e6d698b8831575206d3d2f0b9d4a06a770ff95785f
Threat Level: Known bad
The file hitho.lua was found to be: Known bad.
Malicious Activity Summary
WarzoneRat, AveMaria
xmrig
Modifies system executable filetype association
Quasar RAT
Suspicious use of NtCreateProcessExOtherParentProcess
Quasar payload
XMRig Miner payload
Modifies Windows Firewall
Downloads MZ/PE file
Registers COM server for autorun
Executes dropped EXE
Loads dropped DLL
Drops startup file
Reads user/profile data of web browsers
Checks computer location settings
Reads data files stored by FTP clients
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Adds Run key to start application
Checks installed software on the system
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Modifies registry class
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Creates scheduled task(s)
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-01-13 03:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-01-13 03:15
Reported
2023-01-13 03:45
Platform
win10v2004-20220812-en
Max time kernel
1802s
Max time network
1804s
Command Line
Signatures
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32 | C:\Program Files\WinRAR\uninstall.exe | N/A |
Quasar RAT
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtCreateProcessExOtherParentProcess
| Description | Indicator | Process | Target |
| PID 5476 created 4736 | N/A | C:\Windows\system32\Taskmgr.exe | C:\Users\Admin\Downloads\why.exe |
| PID 5476 created 4736 | N/A | C:\Windows\system32\Taskmgr.exe | C:\Users\Admin\Downloads\why.exe |
| PID 5476 created 704 | N/A | C:\Windows\system32\Taskmgr.exe | C:\Users\Admin\Downloads\wat.exe |
| PID 5476 created 704 | N/A | C:\Windows\system32\Taskmgr.exe | C:\Users\Admin\Downloads\wat.exe |
WarzoneRat, AveMaria
xmrig
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Executes dropped EXE
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32 | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext.dll" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files\WinRAR\uninstall.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasarx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasarx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\VayneRat\Vayne Ratx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\VayneRat\Vayne Ratx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\ded.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\SaherBlueEagle_Splitter[RAT]\BlueEagleSplitterx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\VayneRat\Vayne Ratx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Shia Hacker School -Rat v1.0\shia hacker -ratx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\SaherBlueEagle_Splitter[RAT]\BlueEagleSplitter.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\WARZONE 1.2 Cracked\WARZONE RAT 1.2x.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wat.exe | C:\Users\Admin\Downloads\wat.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\why.exe | C:\Users\Admin\Downloads\why.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\why.exe | C:\Users\Admin\Downloads\why.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wat.exe | C:\Users\Admin\Downloads\wat.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wat.exe | C:\Users\Admin\Downloads\wat.exe | N/A |
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Google App Update = "C:\\ProgramData\\services.exe" | C:\Users\Admin\Downloads\Notable.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config.json | C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasarx.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\TiWorker.exe | C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasarx.exe | N/A |
| File created | C:\Windows\SysWOW64\config.json | C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasarx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\MicrosoftWindows.xml | C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasarx.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\SysWOW64\TiWorker.exe | C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasarx.exe | N/A |
| File created | C:\Windows\SysWOW64\MicrosoftWindows.xml | C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasarx.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\WinRAR\Default64.SFX | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_240754109 | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\License.txt | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\WhatsNew.txt | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\RarFiles.lst | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Resources.pri | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1360_128786915\ChromeRecovery.exe | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Order.htm | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Rar.exe | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\7zxa.dll | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\WinRAR.chm | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\Zip64.SFX | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1360_128786915\ChromeRecoveryCRX.crx | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A |
| File created | C:\Program Files\WinRAR\Rar.txt | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\UnRAR.exe | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\UnRAR.exe | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\License.txt | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\RarExt32.dll | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\RarExt32.dll | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\Default.SFX | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\WinCon.SFX | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\WinCon64.SFX | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1360_128786915\ChromeRecovery.exe | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Rar.txt | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\WhatsNew.txt | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\RarFiles.lst | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\Uninstall.lst | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1360_128786915\_metadata\verified_contents.json | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A |
| File created | C:\Program Files\WinRAR\Uninstall.exe | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\7zxa.dll | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\Zip.SFX | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Zip64.SFX | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\Descript.ion | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\ReadMe.txt | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\WinRAR.exe | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\Resources.pri | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1360_128786915\manifest.json | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A |
| File created | C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\rarnew.dat | C:\Program Files\WinRAR\uninstall.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Uninstall.exe | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\RarExt.dll | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Zip.SFX | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Uninstall.lst | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\Rar.exe | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\RarExtInstaller.exe | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\WinRAR.exe | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\Default64.SFX | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\WinCon.SFX | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1360_128786915\manifest.json | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A |
| File created | C:\Program Files\WinRAR\ReadMe.txt | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\RarExtPackage.msix | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\WinCon64.SFX | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Descript.ion | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\RarExt.dll | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Default.SFX | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File created | C:\Program Files\WinRAR\WinRAR.chm | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1360_128786915\_metadata\verified_contents.json | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A |
| File created | C:\Program Files\WinRAR\Order.htm | C:\Users\Admin\Downloads\winrar-x64-611.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\AppCompat\Programs\Amcache.hve.tmp | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\Taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files\WinRAR\WinRAR.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Desktop\Shia Hacker School -Rat v1.0\shia hacker -rat.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\AppData\Local\Temp\Blueeagle_Splitter.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ = "WinRAR" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.r02\ = "WinRAR" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\system32\Taskmgr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.r27\ = "WinRAR" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.bz\ = "WinRAR" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasar.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" | C:\Users\Admin\AppData\Local\Temp\Blueeagle_Splitter.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext.dll" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.bz | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\ = "WinRAR archive" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000004000000030000000200000001000000ffffffff | C:\Users\Admin\Desktop\Shia Hacker School -Rat v1.0\shia hacker -rat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | C:\Users\Admin\Desktop\Shia Hacker School -Rat v1.0\shia hacker -rat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\system32\Taskmgr.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\NodeSlot = "12" | C:\Users\Admin\Desktop\WARZONE 1.2 Cracked\WARZONE RAT 1.2.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Desktop\WARZONE 1.2 Cracked\WARZONE RAT 1.2.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Users\Admin\Desktop\WARZONE 1.2 Cracked\WARZONE RAT 1.2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Users\Admin\Desktop\WARZONE 1.2 Cracked\WARZONE RAT 1.2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.rar | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open\command | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Desktop\Shia Hacker School -Rat v1.0\shia hacker -rat.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000500000004000000030000000200000001000000ffffffff | C:\Users\Admin\AppData\Local\Temp\Blueeagle_Splitter.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.r28 | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.001 | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasar.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasar.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3 = 14002e80922b16d365937a46956b92703aca08af0000 | C:\Users\Admin\Desktop\Shia Hacker School -Rat v1.0\shia hacker -rat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" | C:\Users\Admin\Desktop\Shia Hacker School -Rat v1.0\shia hacker -rat.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.r04 | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.r14\ = "WinRAR" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3 | C:\Users\Admin\Desktop\Shia Hacker School -Rat v1.0\shia hacker -rat.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.r15\ = "WinRAR" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Users\Admin\Desktop\Shia Hacker School -Rat v1.0\shia hacker -rat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Users\Admin\Desktop\Shia Hacker School -Rat v1.0\shia hacker -rat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" | C:\Users\Admin\AppData\Local\Temp\Blueeagle_Splitter.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\AppData\Local\Temp\Blueeagle_Splitter.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000500000004000000030000000200000001000000ffffffff | C:\Windows\system32\Taskmgr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads" | C:\Users\Admin\Desktop\WARZONE 1.2 Cracked\WARZONE RAT 1.2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.r25\ = "WinRAR" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings | C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasar.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\AppData\Local\Temp\Blueeagle_Splitter.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.r21 | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Users\Admin\AppData\Local\Temp\Blueeagle_Splitter.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings | C:\Windows\system32\Taskmgr.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202 | C:\Users\Admin\Desktop\WARZONE 1.2 Cracked\WARZONE RAT 1.2.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Users\Admin\Desktop\WARZONE 1.2 Cracked\WARZONE RAT 1.2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.7z\ = "WinRAR" | C:\Program Files\WinRAR\uninstall.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasar.exe | N/A |
| N/A | N/A | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\VayneRat\Vayne Rat.exe | N/A |
| N/A | N/A | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| N/A | N/A | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Shia Hacker School -Rat v1.0\shia hacker -rat.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Shia Hacker School -Rat v1.0\shia hacker -rat.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Blueeagle_Splitter.exe | N/A |
| N/A | N/A | C:\Windows\system32\Taskmgr.exe | N/A |
| N/A | N/A | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\WARZONE 1.2 Cracked\WARZONE RAT 1.2.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\hitho.lua
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbaa074f50,0x7ffbaa074f60,0x7ffbaa074f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1604 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1980 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4436 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4616 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4592 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5168 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5244 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4516 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4580 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3256 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4432 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5484 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3680 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5296 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5196 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x324 0x4c8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3028 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4624 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2380 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5492 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4448 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5696 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5552 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6184 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4792 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6952 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6908 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6444 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6964 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6632 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2628 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6608 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6480 /prefetch:8
C:\Users\Admin\Downloads\winrar-x64-611.exe
"C:\Users\Admin\Downloads\winrar-x64-611.exe"
C:\Program Files\WinRAR\uninstall.exe
"C:\Program Files\WinRAR\uninstall.exe" /setup
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5952 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\Quasar 1.3 modified by Deos.zip"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6808 /prefetch:8
C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasarx.exe
"C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasarx.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c schtasks /End /TN "Microsoft\Windows\MUI\WindowsUpdate" & schtasks /End /TN "WindowsUpdate" & exit
C:\Windows\system32\schtasks.exe
schtasks /End /TN "Microsoft\Windows\MUI\WindowsUpdate"
C:\Windows\system32\schtasks.exe
schtasks /End /TN "WindowsUpdate"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c schtasks /Delete /TN "WindowsUpdate" /F & exit
C:\Windows\system32\schtasks.exe
schtasks /Delete /TN "WindowsUpdate" /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="System" dir=out action=allow program="%windir%\SysWOW64\TiWorker.exe" enable=yes & exit
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="System" dir=out action=allow program="C:\Windows\SysWOW64\TiWorker.exe" enable=yes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="System" dir=in action=allow program="%windir%\SysWOW64\TiWorker.exe" enable=yes & exit
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="System" dir=in action=allow program="C:\Windows\SysWOW64\TiWorker.exe" enable=yes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c schtasks /Create /XML "%windir%\SysWOW64\MicrosoftWindows.xml" /TN "Microsoft\Windows\MUI\WindowsUpdate" /F & exit
C:\Windows\system32\schtasks.exe
schtasks /Create /XML "C:\Windows\SysWOW64\MicrosoftWindows.xml" /TN "Microsoft\Windows\MUI\WindowsUpdate" /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c schtasks /Change /TN "Microsoft\Windows\MUI\WindowsUpdate" /TR "%windir%\SysWOW64\TiWorker.exe" & schtasks /Run /TN "Microsoft\Windows\MUI\WindowsUpdate" & exit
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\MUI\WindowsUpdate" /TR "C:\Windows\SysWOW64\TiWorker.exe"
C:\Windows\system32\schtasks.exe
schtasks /Run /TN "Microsoft\Windows\MUI\WindowsUpdate"
C:\Windows\SysWOW64\TiWorker.exe
C:\Windows\SysWOW64\TiWorker.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c certutil –addstore –f root MicrosoftWindows.crt & exit
C:\Windows\system32\certutil.exe
certutil –addstore –f root MicrosoftWindows.crt
C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasar.exe
"C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasar.exe"
C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasarx.exe
"C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasarx.exe"
C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasar.exe
"C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Quasar.exe"
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\Quasar 1.3 modified by Deos\Screenshot.png" /ForceBootstrapPaint3D
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5472 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6204 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4600 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7140 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7132 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6036 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6592 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4744 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5284 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5860 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5464 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5984 /prefetch:8
C:\Users\Admin\Downloads\Client-built.exe
"C:\Users\Admin\Downloads\Client-built.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\Downloads\Client-built.exe" /rl HIGHEST /f
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6812 /prefetch:8
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3004 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5912 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6092 /prefetch:8
C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7016 /prefetch:8
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1360_128786915\ChromeRecovery.exe
"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1360_128786915\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={d05485f9-0ca8-4147-b0df-34c3d819f7df} --system
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6276 /prefetch:8
C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\MeGa-RAT-Pack-master.zip"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6240 /prefetch:8
C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\Admin\AppData\Local\Temp\Rar$DIa4940.44300\VayneRat.zip
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6376 /prefetch:8
C:\Users\Admin\Desktop\VayneRat\Vayne Ratx.exe
"C:\Users\Admin\Desktop\VayneRat\Vayne Ratx.exe"
C:\Users\Admin\Desktop\VayneRat\Vayne Rat.exe
"C:\Users\Admin\Desktop\VayneRat\Vayne Rat.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1572,4316888642968382152,9698418959292873117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5452 /prefetch:8
C:\Users\Admin\Desktop\VayneRat\Vayne Ratx.exe
"C:\Users\Admin\Desktop\VayneRat\Vayne Ratx.exe"
C:\Users\Admin\Desktop\VayneRat\Vayne Rat.exe
"C:\Users\Admin\Desktop\VayneRat\Vayne Rat.exe"
C:\Users\Admin\Desktop\VayneRat\Vayne Rat.exe
"C:\Users\Admin\Desktop\VayneRat\Vayne Rat.exe"
C:\Users\Admin\Desktop\VayneRat\armsvc.exe
"C:\Users\Admin\Desktop\VayneRat\armsvc.exe"
C:\Users\Admin\Desktop\VayneRat\Vayne Ratx.exe
"C:\Users\Admin\Desktop\VayneRat\Vayne Ratx.exe"
C:\Users\Admin\Desktop\VayneRat\Vayne Rat.exe
"C:\Users\Admin\Desktop\VayneRat\Vayne Rat.exe"
C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\AppData\Local\Temp\Rar$DIa4940.20707\Shia Hacker School -Rat v1.0.zip"
C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\Admin\AppData\Local\Temp\Rar$DIa4940.21868\SaherBlueEagle_Splitter[RAT].zip
C:\Users\Admin\Desktop\Shia Hacker School -Rat v1.0\shia hacker -ratx.exe
"C:\Users\Admin\Desktop\Shia Hacker School -Rat v1.0\shia hacker -ratx.exe"
C:\Users\Admin\Desktop\Shia Hacker School -Rat v1.0\shia hacker -rat.exe
"C:\Users\Admin\Desktop\Shia Hacker School -Rat v1.0\shia hacker -rat.exe"
C:\Users\Admin\Downloads\ded.exe
"C:\Users\Admin\Downloads\ded.exe"
C:\Users\Admin\AppData\Roaming\Microsoft\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\svchost.exe"
C:\Users\Admin\Desktop\Shia Hacker School -Rat v1.0\shia hacker -rat.exe
"C:\Users\Admin\Desktop\Shia Hacker School -Rat v1.0\shia hacker -rat.exe"
C:\Users\Admin\Downloads\dedd.exe
"C:\Users\Admin\Downloads\dedd.exe"
C:\Users\Admin\Desktop\SaherBlueEagle_Splitter[RAT]\BlueEagleSplitterx.exe
"C:\Users\Admin\Desktop\SaherBlueEagle_Splitter[RAT]\BlueEagleSplitterx.exe"
C:\Users\Admin\Desktop\SaherBlueEagle_Splitter[RAT]\BlueEagleSplitter.exe
C:\Users\Admin\Desktop\SaherBlueEagle_Splitter[RAT]\BlueEagleSplitter.exe
C:\Users\Admin\AppData\Local\Temp\Blueeagle_Splitter.exe
"C:\Users\Admin\AppData\Local\Temp\Blueeagle_Splitter.exe"
C:\Users\Admin\Downloads\wat.exe
"C:\Users\Admin\Downloads\wat.exe"
C:\Users\Admin\Downloads\wat.exe
"C:\Users\Admin\Downloads\wat.exe"
C:\Users\Admin\Downloads\why.exe
"C:\Users\Admin\Downloads\why.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
dw20.exe -x -s 3164
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\Taskmgr.exe
taskmgr.exe
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\23dd2da8fb00448b98fd6e5d3e5bfe8c /t 1936 /p 4736
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\19c5f1e2fcb9468ca6ed09581754f3d0 /t 4500 /p 704
C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\AppData\Local\Temp\Rar$DIa4940.37987\WARZONE 1.2 Cracked.zip"
C:\Users\Admin\Desktop\WARZONE 1.2 Cracked\WARZONE RAT 1.2x.exe
"C:\Users\Admin\Desktop\WARZONE 1.2 Cracked\WARZONE RAT 1.2x.exe"
C:\Users\Admin\Desktop\WARZONE 1.2 Cracked\WARZONE RAT 1.2.exe
"C:\Users\Admin\Desktop\WARZONE 1.2 Cracked\WARZONE RAT 1.2.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://xakfor.net/forum/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffba88d46f8,0x7ffba88d4708,0x7ffba88d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,11728857712244453322,5817232458252506304,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,11728857712244453322,5817232458252506304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,11728857712244453322,5817232458252506304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11728857712244453322,5817232458252506304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11728857712244453322,5817232458252506304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,11728857712244453322,5817232458252506304,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11728857712244453322,5817232458252506304,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://xakfor.net/forum/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffba88d46f8,0x7ffba88d4708,0x7ffba88d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,8365253307317037100,3192445141293994984,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2272,8365253307317037100,3192445141293994984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2272,8365253307317037100,3192445141293994984,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,8365253307317037100,3192445141293994984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,8365253307317037100,3192445141293994984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2272,8365253307317037100,3192445141293994984,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,8365253307317037100,3192445141293994984,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,8365253307317037100,3192445141293994984,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,8365253307317037100,3192445141293994984,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
C:\Users\Admin\Downloads\Notable.exe
"C:\Users\Admin\Downloads\Notable.exe"
C:\ProgramData\services.exe
"C:\ProgramData\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| N/A | 8.8.8.8:53 | accounts.google.com | udp |
| N/A | 8.8.8.8:53 | clients2.google.com | udp |
| N/A | 142.251.36.45:443 | accounts.google.com | tcp |
| N/A | 142.250.179.174:443 | clients2.google.com | tcp |
| N/A | 8.8.8.8:53 | edgedl.me.gvt1.com | udp |
| N/A | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| N/A | 8.8.8.8:53 | apis.google.com | udp |
| N/A | 216.58.208.110:443 | apis.google.com | tcp |
| N/A | 8.8.8.8:53 | dns.google | udp |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 20.189.173.1:443 | tcp | |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 216.58.208.110:443 | apis.google.com | udp |
| N/A | 142.251.36.14:443 | play.google.com | tcp |
| N/A | 142.251.36.14:443 | udp | |
| N/A | 216.58.208.99:443 | ssl.gstatic.com | tcp |
| N/A | 140.82.114.4:443 | tcp | |
| N/A | 140.82.114.4:443 | github.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 185.199.108.154:443 | github.githubassets.com | tcp |
| N/A | 185.199.108.154:443 | tcp | |
| N/A | 185.199.108.154:443 | tcp | |
| N/A | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| N/A | 142.250.179.202:443 | content-autofill.googleapis.com | tcp |
| N/A | 140.82.114.22:443 | collector.github.com | tcp |
| N/A | 185.199.108.154:443 | github.githubassets.com | tcp |
| N/A | 140.82.114.5:443 | api.github.com | tcp |
| N/A | 142.250.179.202:443 | udp | |
| N/A | 209.197.3.8:80 | tcp | |
| N/A | 209.197.3.8:80 | tcp | |
| N/A | 209.197.3.8:80 | tcp | |
| N/A | 104.80.225.205:443 | tcp | |
| N/A | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| N/A | 142.251.36.14:443 | tcp | |
| N/A | 142.251.36.14:443 | udp | |
| N/A | 142.251.36.54:443 | tcp | |
| N/A | 142.251.36.45:443 | accounts.google.com | udp |
| N/A | 142.250.179.162:443 | googleads.g.doubleclick.net | tcp |
| N/A | 142.250.179.162:443 | udp | |
| N/A | 142.250.179.202:443 | udp | |
| N/A | 209.197.3.8:80 | tcp | |
| N/A | 142.251.36.54:443 | udp | |
| N/A | 142.251.36.1:443 | tcp | |
| N/A | 142.251.36.1:443 | tcp | |
| N/A | 142.251.36.1:443 | tcp | |
| N/A | 142.251.36.1:443 | tcp | |
| N/A | 142.251.39.110:443 | suggestqueries-clients6.youtube.com | tcp |
| N/A | 142.251.39.110:443 | udp | |
| N/A | 142.251.36.1:443 | udp | |
| N/A | 142.251.39.110:443 | udp | |
| N/A | 142.251.36.6:443 | static.doubleclick.net | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 142.250.179.163:443 | update.googleapis.com | tcp |
| N/A | 8.8.8.8:53 | edgedl.me.gvt1.com | udp |
| N/A | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| N/A | 142.250.179.142:443 | youtube.com | tcp |
| N/A | 142.250.187.227:443 | beacons.gcp.gvt2.com | tcp |
| N/A | 172.217.132.102:443 | rr1---sn-5hne6nsy.googlevideo.com | tcp |
| N/A | 172.217.132.102:443 | udp | |
| N/A | 142.250.179.163:443 | udp | |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 142.250.179.170:443 | safebrowsing.googleapis.com | tcp |
| N/A | 142.251.36.14:443 | udp | |
| N/A | 142.251.36.14:443 | udp | |
| N/A | 142.250.179.170:443 | udp | |
| N/A | 142.251.36.45:443 | accounts.google.com | udp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 142.250.187.227:443 | udp | |
| N/A | 142.250.179.202:443 | udp | |
| N/A | 140.82.113.9:443 | codeload.github.com | tcp |
| N/A | 216.58.208.99:443 | beacons3.gvt2.com | tcp |
| N/A | 216.58.208.99:443 | udp | |
| N/A | 142.251.36.1:443 | udp | |
| N/A | 51.195.68.163:443 | www.win-rar.com | tcp |
| N/A | 8.8.8.8:53 | apps.identrust.com | udp |
| N/A | 2.19.126.218:80 | apps.identrust.com | tcp |
| N/A | 142.250.179.202:443 | udp | |
| N/A | 51.195.68.163:443 | www.win-rar.com | tcp |
| N/A | 142.251.36.14:443 | udp | |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 142.250.179.163:443 | udp | |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 142.250.179.206:443 | sb-ssl.google.com | tcp |
| N/A | 13.107.21.200:443 | tcp | |
| N/A | 142.251.36.45:443 | accounts.google.com | udp |
| N/A | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| N/A | 142.250.179.206:443 | udp | |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 142.250.179.142:443 | tcp | |
| N/A | 8.8.8.8:53 | notifier.win-rar.com | udp |
| N/A | 51.195.68.173:443 | notifier.win-rar.com | tcp |
| N/A | 51.195.68.173:443 | notifier.win-rar.com | tcp |
| N/A | 216.58.208.99:443 | udp | |
| N/A | 172.217.25.3:443 | beacons2.gvt2.com | tcp |
| N/A | 172.217.25.3:443 | tcp | |
| N/A | 172.217.25.3:443 | udp | |
| N/A | 142.250.179.163:443 | udp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 10.127.0.1:5351 | udp | |
| N/A | 10.127.0.1:5351 | udp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 142.250.179.206:443 | udp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 142.250.200.3:443 | beacons.gvt2.com | tcp |
| N/A | 142.250.200.3:443 | udp | |
| N/A | 142.250.187.227:443 | udp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 142.250.179.163:443 | udp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 142.250.179.163:443 | udp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 142.251.36.14:443 | udp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 216.58.208.99:443 | udp | |
| N/A | 142.251.36.42:443 | udp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 142.250.179.194:443 | udp | |
| N/A | 142.251.36.14:443 | udp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 142.250.179.163:443 | udp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | ip-api.com | udp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:9018 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | dns.google | udp |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 142.250.179.163:443 | udp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:9018 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 142.250.179.163:443 | udp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 216.58.208.99:443 | udp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 142.250.179.163:443 | udp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 192.168.1.1:99 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.4.4:443 | dns.google | tcp |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 216.58.208.99:443 | tcp | |
| N/A | 216.58.208.99:443 | udp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:49957 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 127.0.0.1:6881 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | sparehost.hopto.org | udp |
| N/A | 8.8.8.8:53 | cybersaher.ddns.net | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 13.107.21.200:443 | www.bing.com | tcp |
| N/A | 8.8.8.8:53 | r.bing.com | udp |
| N/A | 204.79.197.200:443 | r.bing.com | tcp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | teams-ring.msedge.net | udp |
| N/A | 52.113.196.254:443 | teams-ring.msedge.net | tcp |
| N/A | 8.8.8.8:53 | dual-s-ring.msedge.net | udp |
| N/A | 52.123.128.254:443 | dual-s-ring.msedge.net | tcp |
| N/A | 8.8.8.8:53 | s-ring.msedge.net | udp |
| N/A | 13.107.3.254:443 | s-ring.msedge.net | tcp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 127.0.0.1:1177 | tcp | |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | xakfor.net | udp |
| N/A | 81.171.28.44:443 | xakfor.net | tcp |
| N/A | 81.171.28.44:443 | xakfor.net | tcp |
| N/A | 204.79.197.200:443 | www.bing.com | tcp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| N/A | 20.73.130.64:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 20.73.130.64:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 20.73.130.64:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 8.8.8.8:53 | mevarabon.com | udp |
| N/A | 52.116.53.152:443 | mevarabon.com | tcp |
| N/A | 20.73.130.64:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 8.8.8.8:53 | smartscreen-prod.microsoft.com | udp |
| N/A | 20.86.249.62:443 | smartscreen-prod.microsoft.com | tcp |
| N/A | 20.86.249.62:443 | smartscreen-prod.microsoft.com | tcp |
| N/A | 20.86.249.62:443 | smartscreen-prod.microsoft.com | tcp |
| N/A | 20.86.249.62:443 | smartscreen-prod.microsoft.com | tcp |
| N/A | 20.86.249.62:443 | smartscreen-prod.microsoft.com | tcp |
| N/A | 20.86.249.62:443 | smartscreen-prod.microsoft.com | tcp |
| N/A | 8.8.8.8:53 | get.saferurl.net | udp |
| N/A | 188.114.97.0:443 | get.saferurl.net | tcp |
| N/A | 8.8.8.8:53 | dns.google | udp |
| N/A | 8.8.4.4:443 | dns.google | tcp |
| N/A | 8.8.4.4:443 | dns.google | tcp |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 188.114.96.0:443 | get.saferurl.net | udp |
| N/A | 20.73.130.64:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 157.240.247.35:443 | tcp | |
| N/A | 142.251.36.45:443 | accounts.google.com | tcp |
| N/A | 142.251.36.45:443 | accounts.google.com | udp |
| N/A | 204.79.197.200:443 | www.bing.com | tcp |
| N/A | 81.171.28.44:443 | xakfor.net | tcp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| N/A | 20.86.249.62:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 20.86.249.62:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 20.86.249.62:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 8.8.8.8:53 | track.vcdc.com | udp |
| N/A | 167.233.8.197:443 | track.vcdc.com | tcp |
| N/A | 20.86.249.62:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 20.86.249.62:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 8.8.8.8:53 | xml-v4.gipostart-1.co | udp |
| N/A | 173.239.53.32:80 | xml-v4.gipostart-1.co | tcp |
| N/A | 173.239.53.32:80 | xml-v4.gipostart-1.co | tcp |
| N/A | 20.86.249.62:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 8.8.8.8:53 | norts.org | udp |
| N/A | 162.55.244.120:443 | norts.org | tcp |
| N/A | 20.86.249.62:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 8.8.8.8:53 | coldact.click | udp |
| N/A | 188.114.96.0:443 | coldact.click | tcp |
| N/A | 20.86.249.62:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 188.114.96.0:443 | coldact.click | udp |
| N/A | 8.8.8.8:53 | code.jquery.com | udp |
| N/A | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| N/A | 69.16.175.42:443 | code.jquery.com | tcp |
| N/A | 104.16.85.20:443 | cdn.jsdelivr.net | tcp |
| N/A | 8.8.8.8:53 | cdn.pushflow.net | udp |
| N/A | 104.21.234.208:443 | cdn.pushflow.net | tcp |
| N/A | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| N/A | 20.86.249.62:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| N/A | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| N/A | 8.8.4.4:443 | dns.google | tcp |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 8.8.4.4:443 | dns.google | tcp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
| N/A | 8.8.8.8:53 | pool.minexmr.com | udp |
Files
C:\Users\Admin\Desktop\ConvertToWait.dotx
| MD5 | dc9af1a85a3f51d5a294a55936229cd9 |
| SHA1 | e44cfac85f6ed161e6c7f6fede27128f4f851ea8 |
| SHA256 | 9dad52c89afe5a4b188bec9ae2c53e6ed8deb628810e1cf0ef6e529de8258498 |
| SHA512 | cd199eb93482b86bd38a6e9d4216212db224fa67f34e502aa6a4733bc53a9d287ec80efec1c9798fc0f93e4401334a7b7e9d8a63efd1b33aec45e01c9c7e994e |
C:\Users\Admin\Desktop\CopyExit.vb
| MD5 | a4a49b0e9abc43e5b92713da4fe788ed |
| SHA1 | a748cb7a1f5b9a914158a0d2dab4cb63bc98032b |
| SHA256 | 12898ae9bc4db182a00c6fa488da457ea03af3f5b9bfc01a7eab2fa09c053189 |
| SHA512 | d6423fde06151f798c3293832a82ae3d86cde7fa3d9cc9ec5afb5c847bca0e783f39abbe86fefb0f3eef308cbc5938d83171da5ff9081ac32860886dd9aaeae9 |
C:\Users\Admin\Desktop\DismountGrant.dll
| MD5 | c1e08bbefb136c347079e36b4afdac88 |
| SHA1 | 17d922c887d1e3a350f56657c55d229bcafb3238 |
| SHA256 | 499a4925d80e0fbb008f4b7ad92226352b6b0faa1fa8988976b9c51df0b3875a |
| SHA512 | 5dafaead13365d2d520e878d0ce7f235c45bc11914cafcc783c1c45513b8bb000a354826a5e7aeef54820b24a84d8014b161b266527249117336d49e34a25845 |
C:\Users\Admin\Desktop\DenyUpdate.mpeg
| MD5 | 0997bef510a35e9a3d1c89c508f3a98b |
| SHA1 | b1dfba42e10c63682eb208cde413003e6072abbf |
| SHA256 | a31bdb13f44bd6e365c6b575de93fa0b88e2df662e1c4bcfeff27adc9835fa0a |
| SHA512 | 92271983fbea3482e088621f95ab73ad819bc4f592c5b082b6466ffe06c9f35b4fdd86543be18524491c9216eda2673afd86c8598721e825b9f39e8ece675cd1 |
C:\Users\Admin\Desktop\MoveGroup.xhtml
| MD5 | 6a6c66f6059a37be386206df81303a63 |
| SHA1 | f5f17a59a49a167ad4aa7498a96529e5c21db3da |
| SHA256 | eff34fd34e4c54692aadf8f3e7b931f697fd9ad1d4494944329391449cf30272 |
| SHA512 | d0af526381e55b1cf82cbf66902310825adf067f164f86627a4388e40aa75cf31629a8ea98c67aa1cae047e5533984eef53b685932b243ed9bffd5542ea2c0fc |
C:\Users\Admin\Desktop\ResetJoin.xhtml
| MD5 | bbbbae6860f0475c9ad659acad9d569e |
| SHA1 | 9de8bd7f37d01192133864f5225a2239ee1aa19e |
| SHA256 | cee4cdeac7ef85e2f5124efaeb4cd8a43deaf54014ed8b490d3210e06344427c |
| SHA512 | d709dc6a41e0058f318fcd65c9803200dd833a6dff620f38cd0ea8e5d4f238897fde1c1ec10c0a8bc0850e300ae06ee6d1ec9c286ff216ff019c2db83ae92e2c |
C:\Users\Admin\Desktop\ResumeExpand.docm
| MD5 | 2c535d4d964758483c5b37c2ebf7b93b |
| SHA1 | 559c5b5a95f960afc4817114c11df2e86ac717f9 |
| SHA256 | 0f4332fe0eeb0bf11f88409e866139fe4e4cf0d00b1f264c59230399eafbda13 |
| SHA512 | 5b872ec908228f80075d1b5670598731b2868241499f42df04d2d5cbf0a4f3ad7ea1f31a71a499fb540f09d8a522d233f8777abd41ee608dc2672fdf5ec4a99d |
C:\Users\Admin\Desktop\StartOptimize.jtx
| MD5 | 3a14f4f7a8f8640d4b106fd0acd991bd |
| SHA1 | 3fdb65d3c5647d2a957de6d7770a0af818df2171 |
| SHA256 | c62eb6638b6fa2fc773ed62d90b5de4c94bedebd7f9b13262a859f69b5537b2d |
| SHA512 | 5307284b8e3d1c4357d73c9cdf37b04f5c59795e1d69bd34b72c52c46fc9384cca293919e1d283a12997bee9fa86d12a9ed8d794111411861e8dd85dc7f9370c |
C:\Users\Admin\Desktop\SplitSubmit.odp
| MD5 | 558d8e32685dcf92110154f78e773b37 |
| SHA1 | 71b23f41356ed5adf09094bd9f187e4b0ce432bd |
| SHA256 | 92644fb72426e94f88887d9eba28ceaad165e938cd9f7c791e33f3e0994b68db |
| SHA512 | 74f21f562fe80777500820727c5beebb32be622bf39db41a4ec3dcc5f34d6169a71799c6e92b881ba247a6b13f86488926a142bfdf3df9c58cc8e0e9d9968bb3 |
C:\Users\Admin\Desktop\UndoWatch.crw
| MD5 | e1863fff33f4a7bcc4e2793bb041a8a8 |
| SHA1 | b033eefb1bd6d8a8f818cf7736b1129032d7a43c |
| SHA256 | cdbf7def6a71ecd7bf419df12545e1a0fb85b930febe211455014c3f211724a7 |
| SHA512 | 74d05dc9f8976f79a61488f393632bf30e9dfd0ff9aa6109f268fdbfffa10fd9bced64166cb963c41a5c282e737f26d2f90b1f0d3dc72070aa4259ac112487f6 |
C:\Users\Admin\Desktop\OpenExport.doc
| MD5 | e693a6f7a85832e5e79377404236957c |
| SHA1 | 3dc4eb8a3a1af03d82cc9b6d82ccef33b779d8e8 |
| SHA256 | 15d4a0f95e231960dba3df9da1387305dcedbf0e0d29b47df1322cc5e89b805b |
| SHA512 | fda4e755bd64352a545e83b5f19e7d8d77bbcdcc24a31b73f4dc264157283054cdb7c7e59274dd69d5576109f9811624f960e2e2d40ad3af4e32d4478e808a44 |
C:\Users\Admin\Desktop\OpenFind.vstx
| MD5 | bcde1bb25aaf69d34526693ed3cb63de |
| SHA1 | 2b8a80223184efd4edc0f2350d7d1e233220173a |
| SHA256 | 763a1c157a044d133dd7aff25bb7f40b2de3ece3da7ee8a51b61f3103767b63a |
| SHA512 | 5a942631e56fbeee8788fc3538021d6b78fbbf4469701639ac7a068b911d684f658d5e8ca877bbfa452ea12f6f9ef3a490e894b4773e6a344d02bf900738cfde |
C:\Users\Admin\Desktop\SuspendExit.m3u
| MD5 | 8d23cf6716cc8a559557fcb4150f1cfa |
| SHA1 | ebc26329c2ece06bf6963a03736534a9d67bddc0 |
| SHA256 | c380036421fcbaf91ad0eb22dc5eb5deaf215601ab0fe8b72548fa82a349ac54 |
| SHA512 | 17186d3333e741b95f68779454ae4347c35c18b62b7a7e235007e4b9570370474ed0e28447b209c8e88892f4a0fb0e307ae9c41311a4426894c3a374ea9a6bfd |
C:\Users\Admin\Desktop\UnregisterMove.tiff
| MD5 | a4ae099563e458c9c27b678780cef715 |
| SHA1 | bd2d6b9523602d241f1b977c3530edb9951b55d6 |
| SHA256 | 48dea1d6027ff14b3717bdc471c317cdb92a9a0609fa2a9ed60dd9042243f44a |
| SHA512 | f5e49e4e8b068e2ce6720b7be28147600d4e009f1017f2ce72d80d3a3589d4f471a836610f6f6aedc5f9ae94d65f3481e12772ac7b7057f28dc43f42696fc5d2 |
C:\Users\Admin\Desktop\UnpublishMerge.cfg
| MD5 | f7e6ac77ffea61e7ec53af63f0e592d4 |
| SHA1 | 835a7f3c4b68b7509c69f8b01ad9d14ebf8672f5 |
| SHA256 | 64a9b75cdd59828919257f7922574cf529a40c9b0e33240c8162462fce3ff5d3 |
| SHA512 | f4c198a45718c3a13bf559c32ea6114ef39925400db32222a4c2f30f1e0fbb85cec7e0c120ffe2b93598123d8799b08d8f966640dd15520718d822dd93d412e8 |
C:\Users\Admin\Desktop\UnblockProtect.txt
| MD5 | 5bc7165a134f579ed2d310cec9a35c7e |
| SHA1 | ce7d7726a9a1d82929a92e70ec4b101a12c663bf |
| SHA256 | 453528615ca397c9015f6d5099802dec8d5da0adea48ca177641c77e0f8dbf0a |
| SHA512 | fcff1554956297fdbe4784eba89eaa565510c127efcf46043047dba44e5096a7ca651cb48213fa30a8ef836ca2af9e0ebfd12542a04831bdafc67cfbfb154c5c |
C:\Users\Admin\Desktop\StopSplit.dll
| MD5 | 54637253afa91d5ed5c35ce121ad0aa7 |
| SHA1 | 51d9fab15d0ba5d6775f8d0c8fade2af53311ffe |
| SHA256 | fded0a976afd0fcb9fc56c0c249f25b2a1a8f529c9a97b4b69e4b3cd710a9e0a |
| SHA512 | f6c2aaaefb65ea4d2764c09aa267ee7f0957065ed86e5426cec3f641a0a9cc1818162b855353a2720f50290792d129f45c8604444cc6abfee53f9c8e5cfde187 |
C:\Users\Admin\Desktop\ResetConvert.ogg
| MD5 | be636027f08a1eb98fd23aa342923072 |
| SHA1 | 42a2db89af936cc8de0c497a0b04c0fd35f26767 |
| SHA256 | 84ce77ae7afa8b8e971dc5d2e87a38d24966637c7aed4e54084de6518925b66f |
| SHA512 | f577e2f48f97261a27efbe30107d8406c518d043a0c5845d5e302e69ef70406ab1fa5cfb20cdaafcf709463286438a7ef59f2880c95b9c08fb7d2c20c778bd55 |
C:\Users\Admin\Desktop\RepairWait.css
| MD5 | a72608775e9b273ed20989bf825e2d82 |
| SHA1 | dbd5caa79f7b6c17f473540834bc0fbee59d4e05 |
| SHA256 | bfdb130708a386325217176ee4a1800f2f1fad461a61da732cef29225540ec96 |
| SHA512 | 1f50657c9bda934aa6388190c9bad78203b3861ba5e70445fbe8e17729e53bf47c2684b743a56011c7beb403dffa46775fdcc160eec2e104ee2c99c1df942e1f |
C:\Users\Admin\Desktop\RenameCheckpoint.txt
| MD5 | 8a9cae02a0887ac52493da61ab72355b |
| SHA1 | cfe05da54a268c53322e147201f2d7ee7f0d4536 |
| SHA256 | f0fda0d7e526ff4cc82fe8c013cc8467e2e0e917180c7623840005b1247e0922 |
| SHA512 | abe7c4b3d33bdb9ce2a096ee110a5be1d993ef709448ef51b9f97a3c95d9afc4997f2bab470088c8385ee1635620a476dccde7c877929ee41c5b2973b7f89bd0 |
C:\Users\Admin\Desktop\ReceiveUnlock.contact
| MD5 | 0a2a99eed1bb99045eb093a792b78948 |
| SHA1 | 2cce8c8522cffae99962187d70186784cac283b8 |
| SHA256 | 48a07dfb509f0b8787ac2f87eed4cd25a251e91dc20bd7c03a033ceb105955ea |
| SHA512 | a48a4ec8d0b70c34c9ffb47de7e63c224e764180125d72f24564e10c64edde7b64657c24e23ef6c412c430423eb51f8535008c9d6b2dd76d0fae8b6db9bd033e |
C:\Users\Admin\Desktop\PublishUnblock.TS
| MD5 | a1b9bec2353d4db71c438a70de19b985 |
| SHA1 | f791a4314560cad7c6cc211655f6df01ae613a30 |
| SHA256 | c420edc657a45fbd7dc0abf09e9f417d39868300bd49e3c1df381e5b0eae9cf5 |
| SHA512 | cdaf929bc3e5fbcda551b62378c7b6eecbb1ec0dfdd31ccc8855cbfca96f0c9d8964cb34f8e9a9e0b33e83313d8f1e7b9e30b6de9571210981da5fc82679fbdd |
C:\Users\Admin\Desktop\MergeAdd.3g2
| MD5 | ce90e53109f750cc2dc221e7eb864363 |
| SHA1 | c19443feff8c44db1e4a3d62e38533d2fdfdbbcf |
| SHA256 | f2e370702c05ad3e137a57b58543644c069c99f71b032004ce132f3f11966ad6 |
| SHA512 | 2455446aa24e1561a31eba73842db4214e4c2ddc694be70818876f28d83d3748410d757dbc57344a1a2378d198bc02de436c56eced4e72455dda48b8c7ecff5e |
C:\Users\Admin\Desktop\GroupDismount.jpg
| MD5 | 7392fda1b5836bf2ad76f8f826df2d41 |
| SHA1 | 820b9ff15638ef14f9552a479adb361378ec6791 |
| SHA256 | 7183e436980fadb6847f1ace46bf6eab6f2d00f5f951ed024ca3bdcf1b493759 |
| SHA512 | 4dedbc85f955db871ad399e2bdd86f378040ac8b55eb8dd8b774ea8894c7901dd158b9ff8e34192c5067a6dfc50b7076d2181210242c4d687f0fb66f04dd0e63 |
C:\Users\Admin\Desktop\DisconnectMerge.ps1
| MD5 | 5e69191648cd244533fe39a61baf611a |
| SHA1 | 757f5e7c24f8dbb883c4c6f5f70c3c467b86dd34 |
| SHA256 | 2a186eabfc1f4107e9c20ccda60500931c4f5e2405686c4a9c2c402e11b9cd92 |
| SHA512 | 09c31a8b76b2c3e68cdb115a74d93a5de1388ec1f9eb9832d6966728c484c3f4aad0770950ffa7667a37dd0220a9d1e96a17b9cdad2ea81a6b014a3691fca301 |
C:\Users\Admin\Desktop\ConfirmWatch.wmv
| MD5 | 47ad55b434d1699e1f56c3b4af5e1ea8 |
| SHA1 | fd51c452b725f5d8bb4cb0cb73f4597d95acd0c0 |
| SHA256 | f394c8c683290b47907ba28d271d7e599d94b98429dc9cacc1c383fdb4d80398 |
| SHA512 | 3a1f69f3a98f23f2a37e69f10833e804245c14ebe9212e828434e3941ba2ffe4492856b60719db2bed53af9bcf60607b80d51503181e748a054c73e72ba0ee2d |
C:\Users\Admin\Desktop\CompleteUnlock.docx
| MD5 | a779a0c9793c7ec344234be41527f7cd |
| SHA1 | f2f9ab4aa78fe61e1fea9e03f7c9aef5477cd26e |
| SHA256 | 799bf0d4729429b656c61f05aff1a02e8faf618be09294f7df4733b6955b5c27 |
| SHA512 | fc3c30f455f3089bc02448a9366897c8a5e6d2726d754a5b261efe6c7ba84f19aceaf6e92ee24acc913566fc64cb63ba7d10bebf0f4c85240212dbc446eddb83 |
\??\pipe\crashpad_3120_CNBMBEOLYASQLTSY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/4024-161-0x0000000000000000-mapping.dmp
memory/664-163-0x0000000000000000-mapping.dmp
memory/3400-164-0x0000000000000000-mapping.dmp
memory/308-167-0x0000000000000000-mapping.dmp
memory/2216-168-0x0000000000000000-mapping.dmp
memory/4384-169-0x0000000000000000-mapping.dmp
memory/3088-170-0x0000000000000000-mapping.dmp
memory/2280-171-0x0000000000000000-mapping.dmp
memory/2168-172-0x0000000000000000-mapping.dmp
memory/2816-173-0x0000000000000000-mapping.dmp
memory/1296-174-0x0000000000000000-mapping.dmp
memory/3612-175-0x0000000000000000-mapping.dmp
memory/4940-176-0x0000000000000000-mapping.dmp
memory/2328-177-0x0000000000000000-mapping.dmp
memory/2880-178-0x0000000000000000-mapping.dmp
memory/3592-179-0x0000000000000000-mapping.dmp
memory/632-180-0x0000000000000000-mapping.dmp
memory/5088-182-0x0000000000400000-0x0000000000DCB000-memory.dmp
memory/5088-181-0x0000000000400000-0x0000000000DCB000-memory.dmp
memory/1260-183-0x0000000000000000-mapping.dmp
memory/5088-185-0x0000000000400000-0x0000000000DCB000-memory.dmp
memory/4188-184-0x0000000000000000-mapping.dmp
memory/5088-186-0x0000000000400000-0x0000000000DCB000-memory.dmp
memory/5088-187-0x0000000000400000-0x0000000000DCB000-memory.dmp
memory/5088-188-0x0000000000400000-0x0000000000DCB000-memory.dmp
memory/440-190-0x0000000000000000-mapping.dmp
memory/5088-189-0x0000000000400000-0x0000000000DCB000-memory.dmp
memory/440-191-0x00000000004C0000-0x0000000000632000-memory.dmp
memory/440-192-0x00007FFBA50D0000-0x00007FFBA5B91000-memory.dmp
memory/5088-193-0x0000000000400000-0x0000000000DCB000-memory.dmp
memory/5088-194-0x0000000000400000-0x0000000000DCB000-memory.dmp
memory/440-195-0x0000000000F10000-0x0000000000F4E000-memory.dmp
memory/2236-196-0x0000000000000000-mapping.dmp
memory/440-197-0x000000001EA90000-0x000000001EAA0000-memory.dmp
memory/2236-198-0x00007FFBA50D0000-0x00007FFBA5B91000-memory.dmp
memory/5088-199-0x0000000000400000-0x0000000000DCB000-memory.dmp
memory/5088-200-0x0000000000400000-0x0000000000DCB000-memory.dmp
memory/700-202-0x00000171411A0000-0x00000171411B0000-memory.dmp
memory/700-201-0x0000017141160000-0x0000017141170000-memory.dmp
memory/440-203-0x00007FFBA50D0000-0x00007FFBA5B91000-memory.dmp
memory/2236-204-0x00007FFBA50D0000-0x00007FFBA5B91000-memory.dmp
memory/2236-205-0x0000000021EA0000-0x0000000021EEC000-memory.dmp
memory/2236-206-0x000000001B710000-0x000000001B72A000-memory.dmp
memory/4508-207-0x0000000000CA0000-0x0000000000CFE000-memory.dmp
memory/4508-208-0x0000000005B80000-0x0000000006124000-memory.dmp
memory/4508-209-0x0000000005740000-0x00000000057D2000-memory.dmp
memory/4508-210-0x00000000056C0000-0x0000000005726000-memory.dmp
memory/4508-211-0x00000000064D0000-0x00000000064E2000-memory.dmp
memory/4508-212-0x0000000006900000-0x000000000693C000-memory.dmp
memory/4532-213-0x0000000000000000-mapping.dmp
memory/996-214-0x0000000000000000-mapping.dmp
memory/2320-215-0x0000000000000000-mapping.dmp
memory/996-216-0x0000000006BB0000-0x0000000006BBA000-memory.dmp
memory/440-217-0x00007FFBA50D0000-0x00007FFBA5B91000-memory.dmp
memory/2236-218-0x000000001B139000-0x000000001B13F000-memory.dmp
memory/2236-219-0x000000001B139000-0x000000001B13F000-memory.dmp
memory/3436-220-0x0000000000000000-mapping.dmp
memory/2236-221-0x000000001B139000-0x000000001B13F000-memory.dmp
memory/2236-222-0x00007FFBA50D0000-0x00007FFBA5B91000-memory.dmp
memory/4940-223-0x0000000000000000-mapping.dmp
memory/3516-224-0x0000000000000000-mapping.dmp
memory/1360-225-0x0000000000000000-mapping.dmp
memory/1360-226-0x00000000004A0000-0x00000000006CC000-memory.dmp
memory/1360-227-0x0000000004F90000-0x0000000004FD0000-memory.dmp
memory/1588-228-0x0000000000000000-mapping.dmp
memory/1588-229-0x0000000008BB0000-0x0000000008BFC000-memory.dmp
memory/1588-230-0x00000000061C0000-0x00000000061CC000-memory.dmp
memory/4052-231-0x00007FFBA1690000-0x00007FFBA20C6000-memory.dmp
memory/1592-232-0x0000000000000000-mapping.dmp
memory/1400-233-0x0000000000000000-mapping.dmp
memory/5092-234-0x0000000000000000-mapping.dmp
memory/376-235-0x0000000000000000-mapping.dmp
memory/376-236-0x00007FFBA1690000-0x00007FFBA20C6000-memory.dmp
memory/2372-237-0x0000000074BA0000-0x0000000075151000-memory.dmp
memory/3808-238-0x0000000000000000-mapping.dmp
memory/2372-239-0x0000000074BA0000-0x0000000075151000-memory.dmp
memory/3808-240-0x0000000074BA0000-0x0000000075151000-memory.dmp
memory/3808-241-0x0000000074BA0000-0x0000000075151000-memory.dmp
memory/1000-242-0x00007FFBA1690000-0x00007FFBA20C6000-memory.dmp
memory/4008-243-0x0000000074BA0000-0x0000000075151000-memory.dmp
memory/4008-244-0x0000000074BA0000-0x0000000075151000-memory.dmp
memory/3808-245-0x0000000074BA0000-0x0000000075151000-memory.dmp
memory/308-246-0x0000000000000000-mapping.dmp
memory/308-247-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-250-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-251-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-252-0x0000000074BA0000-0x0000000075151000-memory.dmp
memory/308-253-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-254-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-255-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-256-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-258-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-259-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-260-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-257-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-261-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-262-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-263-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-264-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-265-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-266-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-267-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-269-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-268-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-270-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-271-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-272-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-273-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-274-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-275-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-276-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-277-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-279-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-280-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-278-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-281-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-282-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-283-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-284-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-285-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-286-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-287-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-288-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-289-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-290-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-291-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-292-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-293-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-294-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-295-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-296-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-297-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-298-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/308-299-0x00000000011A0000-0x000000000150A000-memory.dmp
memory/4504-304-0x0000000000000000-mapping.dmp
memory/308-307-0x0000000074BA0000-0x0000000075151000-memory.dmp
memory/4504-338-0x0000000074BA0000-0x0000000075151000-memory.dmp
memory/4504-846-0x0000000074BA0000-0x0000000075151000-memory.dmp
memory/544-1537-0x0000000000000000-mapping.dmp
memory/4504-1538-0x0000000074BA0000-0x0000000075151000-memory.dmp
memory/5476-1539-0x0000000000000000-mapping.dmp
memory/6100-1540-0x0000000000000000-mapping.dmp
memory/3016-1541-0x0000000000000000-mapping.dmp
memory/3016-1542-0x0000000000C30000-0x000000000124A000-memory.dmp
memory/3016-1543-0x00000000056F0000-0x00000000056FC000-memory.dmp
memory/3016-1544-0x0000000005E30000-0x0000000005F14000-memory.dmp
memory/3016-1545-0x0000000009790000-0x0000000009CBC000-memory.dmp
memory/3016-1546-0x0000000005789000-0x000000000578F000-memory.dmp
memory/3016-1547-0x0000000008E60000-0x0000000009E60000-memory.dmp
memory/2208-1548-0x0000000000000000-mapping.dmp
memory/704-1549-0x0000000000000000-mapping.dmp
memory/552-1551-0x0000000000000000-mapping.dmp
memory/1804-1552-0x0000000000000000-mapping.dmp
memory/3016-1553-0x0000000005789000-0x000000000578F000-memory.dmp
memory/5368-1555-0x0000000000000000-mapping.dmp
memory/4292-1557-0x0000000000000000-mapping.dmp
memory/5036-1559-0x0000000000000000-mapping.dmp
memory/4920-1561-0x0000000000000000-mapping.dmp
memory/4916-1563-0x0000000000000000-mapping.dmp
memory/3016-1564-0x0000000008E60000-0x0000000009E60000-memory.dmp
memory/2152-1565-0x0000000000000000-mapping.dmp
memory/2340-1566-0x0000000000000000-mapping.dmp
memory/312-1568-0x0000000000000000-mapping.dmp
memory/4148-1569-0x0000000000000000-mapping.dmp
memory/1588-1571-0x0000000000000000-mapping.dmp
memory/5288-1573-0x0000000000000000-mapping.dmp
memory/5240-1575-0x0000000000000000-mapping.dmp
memory/6140-1577-0x0000000000000000-mapping.dmp
memory/4948-1579-0x0000000000000000-mapping.dmp
memory/3640-1581-0x0000000000000000-mapping.dmp
memory/5940-1583-0x0000000000000000-mapping.dmp
memory/3016-1584-0x0000000008E60000-0x0000000009E60000-memory.dmp
memory/3016-1585-0x0000000008E60000-0x0000000009E60000-memory.dmp
memory/3016-1586-0x0000000008E60000-0x0000000009E60000-memory.dmp
memory/3016-1587-0x0000000008E60000-0x0000000009E60000-memory.dmp
memory/3016-1588-0x0000000008E60000-0x0000000009E60000-memory.dmp
memory/3016-1589-0x0000000005787000-0x000000000578E000-memory.dmp
memory/3016-1590-0x0000000008E60000-0x0000000009E60000-memory.dmp
memory/3016-1591-0x0000000005787000-0x000000000578E000-memory.dmp
memory/3016-1592-0x0000000008E60000-0x0000000009E60000-memory.dmp
memory/3016-1593-0x0000000008E60000-0x0000000009E60000-memory.dmp
memory/3016-1594-0x0000000008E60000-0x0000000009E60000-memory.dmp
memory/3016-1595-0x0000000008E60000-0x0000000009E60000-memory.dmp
memory/2272-1596-0x0000000000000000-mapping.dmp