Malware Analysis Report

2024-10-23 21:31

Sample ID 240731-k35l1a1hrf
Target Ff2 external.zip
SHA256 07569cd953006587d716ee60b284baf1d77bfbd77706395b2c3b504d76267380
Tags
revengerat guest discovery macro macro_on_action persistence stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

07569cd953006587d716ee60b284baf1d77bfbd77706395b2c3b504d76267380

Threat Level: Known bad

The file Ff2 external.zip was found to be: Known bad.

Malicious Activity Summary

revengerat guest discovery macro macro_on_action persistence stealer trojan upx

RevengeRAT

RevengeRat Executable

Downloads MZ/PE file

Contacts a large (1382) amount of remote hosts

Office macro that triggers on suspicious action

Executes dropped EXE

UPX packed file

Drops startup file

Uses the VBS compiler for execution

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Drops file in System32 directory

Suspicious use of SetThreadContext

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Scheduled Task/Job: Scheduled Task

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

NTFS ADS

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-31 09:08

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-31 09:08

Reported

2024-07-31 09:08

Platform

win7-20240708-en

Max time kernel

0s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-07-31 09:08

Reported

2024-07-31 09:08

Platform

win10v2004-20240730-en

Max time kernel

0s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-31 09:08

Reported

2024-07-31 09:38

Platform

win7-20240704-en

Max time kernel

1564s

Max time network

1566s

Command Line

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Ff2 external.zip"

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Ff2 external.zip"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-31 09:08

Reported

2024-07-31 09:19

Platform

win10v2004-20240730-en

Max time kernel

564s

Max time network

660s

Command Line

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Ff2 external.zip"

Signatures

RevengeRAT

trojan revengerat

RevengeRat Executable

stealer
Description Indicator Process Target
N/A N/A N/A N/A

Contacts a large (1382) amount of remote hosts

discovery

Downloads MZ/PE file

Office macro that triggers on suspicious action

macro macro_on_action
Description Indicator Process Target
N/A N/A N/A N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe\:SmartScreen:$DATA C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Uses the VBS compiler for execution

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3089151618-2647890268-2710988337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.exe" C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A 0.tcp.ngrok.io N/A N/A
N/A 0.tcp.ngrok.io N/A N/A
N/A 0.tcp.ngrok.io N/A N/A
N/A discord.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A 0.tcp.ngrok.io N/A N/A
N/A 0.tcp.ngrok.io N/A N/A
N/A discord.com N/A N/A
N/A 0.tcp.ngrok.io N/A N/A
N/A 0.tcp.ngrok.io N/A N/A
N/A 0.tcp.ngrok.io N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A 0.tcp.ngrok.io N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\WINDOWS\SysWOW64\MSDRM\MSOIRMPROTECTOR.XLS C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\Windows\SysWOW64\wsock32.ska C:\Users\Admin\Downloads\Happy99.exe N/A
File opened for modification C:\Windows\SysWOW64\wsock32.dll C:\Users\Admin\Downloads\Happy99.exe N/A
File created C:\Windows\SysWOW64\ZippedFiles.a.exe C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\SysWOW64\MSDRM\MSOIRMPROTECTOR.DOC C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\SysWOW64\MSDRM\MSOIRMPROTECTOR.PPT C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\SysWOW64\RASCTRNM.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\Windows\SysWOW64\Ska.exe C:\Users\Admin\Downloads\Happy99.exe N/A
File opened for modification C:\Windows\SysWOW64\Ska.exe C:\Users\Admin\Downloads\Happy99.exe N/A
File created C:\Windows\SysWOW64\Ska.exe:SmartScreen:$DATA C:\Users\Admin\Downloads\Happy99.exe N/A
File created C:\Windows\SysWOW64\Ska.dll C:\Users\Admin\Downloads\Happy99.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JDWPTRANSPORT.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGECALLBACKS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGECALLS.C C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGEPACKAGES.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\SAMPLES\SOLVSAMP.XLS C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JAWT.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLN.DOC C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLV.DOC C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JVMTI.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JNI.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLN.PPT C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLV.XLS C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\CLASSFILE_CONSTANTS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGECALLS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\JAWT_MD.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\JNI_MD.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLN.XLS C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLV.PPT C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JVMTICMLR.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\WINDOWS\WINSXS\X86_NETFX-ASPNET_STATE_PERF_H_B03F5F7F11D50A3A_10.0.19041.1_NONE_A71B18B9B7240FD3\ASPNET_STATE_PERF.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\INF\SMSVCHOST 4.0.0.0\_SMSVCHOSTPERFCOUNTERS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\INF\UGATHERER\GSRVCTR.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\WINDOWS\INF\WMIAPRPL\WMIAPRPL.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IIS-W3SVC_31BF3856AD364E35_10.0.19041.1_NONE_74075B27A8B0FC6F\W3CTRS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-R..T-OFFICE-PROTECTORS_31BF3856AD364E35_10.0.19041.1_NONE_C3BC3DBD94DA3C61\MSOIRMPROTECTOR.PPT C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_WINDOWSSEARCHENGINE_31BF3856AD364E35_7.0.19041.1151_NONE_EC390BD802A1C630\GSRVCTR.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-R..T-OFFICE-PROTECTORS_31BF3856AD364E35_10.0.19041.1_NONE_CE10E80FC93AFE5C\MSOIRMPROTECTOR.PPT C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\INF\.NET CLR NETWORKING 4.0.0.0\_NETWORKINGPERFCOUNTERS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\X86_NETFX-ASPNET_PERF_H_B03F5F7F11D50A3A_10.0.19041.1_NONE_7CC3A8E15363EB05\ASPNET_PERF.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\INF\BITS\BITSCTR.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..MMAINTENANCESERVICE_31BF3856AD364E35_10.0.19041.1_NONE_F33EFFCE7F94D952\READYBOOSTPERFCOUNTERS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_NETFX-ASPNET-NONWOW64-SHARED_B03F5F7F11D50A3A_4.0.19041.1_NONE_D66D07DACAC85E2D\ASPNET_PERF.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_WCF-M_TX_BRIDGE_PERF_C_H_31BF3856AD364E35_10.0.19041.1_NONE_6A2A49572AB90F30\_TRANSACTIONBRIDGEPERFCOUNTERS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\INF\.NET CLR DATA\_DATAPERFCOUNTERS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_PERF.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_PERF.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created \??\c:\windows\jk.bat C:\Users\Admin\Downloads\Bugsoft.exe N/A
File created C:\WINDOWS\INF\RDYBOOST\READYBOOSTPERFCOUNTERS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\WINDOWS\INF\SERVICEMODELSERVICE 3.0.0.0\_SERVICEMODELSERVICEPERFCOUNTERS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_NETFX4-_NETWORKINGPERFCOUNTERS_H_B03F5F7F11D50A3A_4.0.15805.0_NONE_5D7FB023EC33EF8B\_NETWORKINGPERFCOUNTERS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-BITS-PERF-V1-COUNTERS_31BF3856AD364E35_10.0.19041.1_NONE_17C681FDED11FC67\BITSCTR.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-T..RVICES-PERFCOUNTERS_31BF3856AD364E35_10.0.19041.1_NONE_00C2FFD3E29A5ADE\TSLABELS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\INF\.NET MEMORY CACHE 4.0\NETMEMORYCACHE.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TAPICORE_31BF3856AD364E35_10.0.19041.746_NONE_C2332356A565DF1C\PERFCTR.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_NETFX4-TRANSACTIONBRIDGEPERFCOUNTERS_B03F5F7F11D50A3A_4.0.15805.0_NONE_6B0477B0FB9004FA\_TRANSACTIONBRIDGEPERFCOUNTERS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_NETFX4-_DATAORACLEC.._SHARED12_NEUTRAL_H_B03F5F7F11D50A3A_4.0.15805.0_NONE_3B8D4DACC2EA6B71\_DATAORACLECLIENTPERFCOUNTERS_SHARED12_NEUTRAL.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_NETFX4-_DATAPERFCOU.._SHARED12_NEUTRAL_H_B03F5F7F11D50A3A_4.0.15805.0_NONE_24ED4511DCC3019E\_DATAPERFCOUNTERS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_NETFX4-_DATAPERFCOU.._SHARED12_NEUTRAL_H_B03F5F7F11D50A3A_4.0.15805.0_NONE_24ED4511DCC3019E\_DATAPERFCOUNTERS_SHARED12_NEUTRAL.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-R..T-OFFICE-PROTECTORS_31BF3856AD364E35_10.0.19041.746_NONE_F619255888ACBCA6\MSOIRMPROTECTOR.PPT C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\X86_NETFX4-ASPNET_STATE_PERF_H_B03F5F7F11D50A3A_4.0.15805.0_NONE_0C5E324537CBCE25\ASPNET_STATE_PERF.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\INF\.NETFRAMEWORK\CORPERFMONSYMBOLS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TAPICORE_31BF3856AD364E35_10.0.19041.1_NONE_9A2AE60DE5F420D2\PERFCTR.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification \??\c:\windows\mail.vbs C:\Users\Admin\Downloads\Bugsoft.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IIS-ASPBINARIES_31BF3856AD364E35_10.0.19041.1_NONE_42755BCB06D24EA8\AXCTRNM.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-R..T-OFFICE-PROTECTORS_31BF3856AD364E35_10.0.19041.1_NONE_C3BC3DBD94DA3C61\MSOIRMPROTECTOR.DOC C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\INF\WINDOWS WORKFLOW FOUNDATION 4.0.0.0\PERFCOUNTERS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\INF\TAPISRV\PERFCTR.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_STATE_PERF.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-RASBASE_31BF3856AD364E35_10.0.19041.1_NONE_C3D1756519CCCB94\RASCTRNM.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_NETFX4-ASPNET_STATE_PERF_H_B03F5F7F11D50A3A_4.0.15805.0_NONE_C4B0FB6E234FA51F\ASPNET_STATE_PERF.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\INF\LSM\LAGCOUNTERDEF.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_STATE_PERF.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_WINDOWSSEARCHENGINE_31BF3856AD364E35_7.0.19041.264_NONE_8BD2F5FC0C992E06\GTHRCTR.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\X86_WWF-CPERFCNT_31BF3856AD364E35_10.0.19041.1_NONE_796F8F9AE78775E8\PERFCOUNTERS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification \??\c:\windows\jk.bat C:\Users\Admin\Downloads\Bugsoft.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_WCF-M_SVC_MOD_SVC_PERF_H_31BF3856AD364E35_10.0.19041.1_NONE_51277F142F1F9414\_SERVICEMODELSERVICEPERFCOUNTERS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\INF\MSDTC BRIDGE 4.0.0.0\_TRANSACTIONBRIDGEPERFCOUNTERS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File opened for modification C:\WINDOWS\INF\WINDOWS WORKFLOW FOUNDATION 3.0.0.0\PERFCOUNTERS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_NETFX-ASPNET_PERF_H_B03F5F7F11D50A3A_10.0.19041.1_NONE_3516720A3EE7C1FF\ASPNET_PERF.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_WINDOWSSEARCHENGINE_31BF3856AD364E35_7.0.19041.264_NONE_8BD2F5FC0C992E06\GSRVCTR.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\X86_NETFX4-ASPNET_PERF_H_B03F5F7F11D50A3A_4.0.15805.0_NONE_E031B46CF0C9371D\ASPNET_PERF.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_STATE_PERF.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_PERF.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_NETFX4-SMSVCHOSTPERFCOUNTERS_B03F5F7F11D50A3A_4.0.15805.0_NONE_2B4BA3FABCE2B249\_SMSVCHOSTPERFCOUNTERS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_WINDOWSSEARCHENGINE_31BF3856AD364E35_7.0.19041.264_NONE_8BD2F5FC0C992E06\IDXCNTRS.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-R..T-OFFICE-PROTECTORS_31BF3856AD364E35_10.0.19041.746_NONE_EBC47B06544BFAAB\MSOIRMPROTECTOR.PPT C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-C..GEMENT-PERFCOUNTERS_31BF3856AD364E35_10.0.19041.1_NONE_DB48407B484FA757\MSDTCPRF.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\INF\USBHUB\USBPERFSYM.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-R..T-OFFICE-PROTECTORS_31BF3856AD364E35_10.0.19041.746_NONE_EBC47B06544BFAAB\MSOIRMPROTECTOR.DOC C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-R..T-OFFICE-PROTECTORS_31BF3856AD364E35_10.0.19041.1_NONE_CE10E80FC93AFE5C\MSOIRMPROTECTOR.XLS C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-R..T-OFFICE-PROTECTORS_31BF3856AD364E35_10.0.19041.746_NONE_F619255888ACBCA6\MSOIRMPROTECTOR.XLS C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\WINSXS\AMD64_NETFX4-_NETWORKINGPERFCOUNTERS_V2_H_B03F5F7F11D50A3A_4.0.15805.0_NONE_9D7F19400A8AEE7C\_NETWORKINGPERFCOUNTERS_V2.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
File created C:\WINDOWS\INF\.NET DATA PROVIDER FOR ORACLE\_DATAORACLECLIENTPERFCOUNTERS_SHARED12_NEUTRAL.H C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Happy99.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Bugsoft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Bugsoft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\NakedWife.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3089151618-2647890268-2710988337-1000\{6D51CBBD-9A79-4C84-B75B-F28993804AF8} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3089151618-2647890268-2710988337-1000_Classes\Local Settings C:\Users\Admin\Downloads\ZippedFiles.a.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 689444.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 754449.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 172535.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\svchost\svchost.exe\:SmartScreen:$DATA C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 89688.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 132963.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 121108.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\NakedWife.exe\:SmartScreen:$DATA C:\Users\Admin\Downloads\NakedWife.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 688646.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 58201.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 232451.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Users\Admin\AppData\Roaming\svchost.exe\:SmartScreen:$DATA C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bugsoft.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bugsoft.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4016 wrote to memory of 220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Ff2 external.zip"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\BlockCopy.vbs" C:\Users\Admin\Desktop\CheckpointTrace.docx

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc610146f8,0x7ffc61014708,0x7ffc61014718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f4 0x2fc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6440 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7140 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6432 /prefetch:8

C:\Users\Admin\Downloads\RevengeRAT.exe

"C:\Users\Admin\Downloads\RevengeRAT.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6408 /prefetch:2

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6588 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\zipw1abo.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFA07.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8CAACB8FE1984209A5B4AB13BE6FC6A.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ioqf4x0k.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFAC3.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcCFB7D68EBD324713A3816F68378EFD6F.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\e9em0fiw.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFB4F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4B5FE0CD4834A4AA2B8AC25E27AD6D.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\5lgx21s2.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFBDC.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc577095179CB4E3F89238E21B43426E1.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\kfzd4tp6.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFC59.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc471EC9589E9041DA938235B8C96A291.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\cpwaqokg.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFD05.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc82544E8F6EEE4DFCA8EA41323ED37DC.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\05z0t5y3.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFD92.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcAA2A0314759E482DBFD94CE4D7CCB5F3.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\x1wzdic1.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFE1E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc69088ECA8DF24CDBA336DAC63A4E415D.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gaganipx.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFE9B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc5D416A6EB1DD4B7A871846AFCE73A2EE.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\a9i4mknw.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFF47.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2C92A8ECE6BA4D25B81E415CB61DC65.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\fh7xohwh.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFFC4.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc543DA58F67E24C8BA18CDF526B1FDE2E.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\uvr6jrzj.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES51.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1F3F22DB85B54EEEA41DA2C7AC74241.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ykadfsoq.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCE.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc7EFF837849346598F1F4BFCB2393F6.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\nt2edsru.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES15A.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcDEF8892737494ACF87F5A4783438B41.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\pdbml_qh.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1D7.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcFACACB7D31694C4BB526D9C83E8C3EB.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\dqnhre3o.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES254.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1A31C5A56CC9498395B25E60F0CB572D.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\vodvxlzj.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2F1.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc7ECA3DCBE94E4FAAA5E6EEC4FB6370.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\2x-gemiy.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES35E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc44144D3B1F074559BEC887B7D5AFC570.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\m3tk2lcp.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3DB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc7473677CC2F4612B5EB7CB832EDBDDF.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\crl_v8ak.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES448.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc30E52DCB8C3B41D29D7AF886C657151C.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\5tjbk7xq.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4D5.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc30C0EC75176F490B96413B2486C642CB.TMP"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8

C:\Users\Admin\Downloads\Bugsoft.exe

"C:\Users\Admin\Downloads\Bugsoft.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c c:\windows\jk.bat

C:\Users\Admin\Downloads\Bugsoft.exe

"C:\Users\Admin\Downloads\Bugsoft.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c c:\windows\jk.bat

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\rnqb-qsa.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAB17.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcC73E526AA5EB4ECD8D4A9FAFC896F883.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\sbvpuf9_.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAC11.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcE1F53F1B29F0434CBA4B7AAB0711F4C.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\_formspm.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAC8E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcC301ED2B54124E57A7E6E97B6535DF8B.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\3lq___5y.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAD1B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA337FD03A05D421688F422743463513.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ummcewa4.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAD88.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB962F834D0CC46ADBD3810B3527E210.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\6ghzzrie.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAE44.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9DABEED49CAE4E5D812EA6783B65E857.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\urfq0jxi.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAEC1.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1187AAAA16A4DE0A8977FEE25EA28C2.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\cdqiykbk.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAF3E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcE3012802D13D496E85394AA4C824461.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\nwiyfwps.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAFCB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc365C6485FC68408099581AFD59DA8024.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\p0_jgulp.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB048.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB6957BCF14014614BA28B77C5A208249.TMP"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7164 /prefetch:8

C:\Users\Admin\Downloads\Happy99.exe

"C:\Users\Admin\Downloads\Happy99.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7044 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 /prefetch:8

C:\Users\Admin\Downloads\NakedWife.exe

"C:\Users\Admin\Downloads\NakedWife.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6124 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 /prefetch:8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8

C:\Users\Admin\Downloads\ZippedFiles.a.exe

"C:\Users\Admin\Downloads\ZippedFiles.a.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6312 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4948 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7436 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7512 /prefetch:8

C:\Users\Admin\Downloads\EternalRocks.exe

"C:\Users\Admin\Downloads\EternalRocks.exe"

C:\Users\Admin\Downloads\EternalRocks.exe

"C:\Users\Admin\Downloads\EternalRocks.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7552 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7096 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7216 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7136 /prefetch:8

C:\Users\Admin\Downloads\Blaster.A.exe

"C:\Users\Admin\Downloads\Blaster.A.exe"

C:\Users\Admin\Downloads\Blaster.E.exe

"C:\Users\Admin\Downloads\Blaster.E.exe"

C:\Users\Admin\Downloads\Blaster.A.exe

"C:\Users\Admin\Downloads\Blaster.A.exe"

C:\Users\Admin\Downloads\Blaster.E.exe

"C:\Users\Admin\Downloads\Blaster.E.exe"

C:\Users\Admin\Downloads\Blaster.E.exe

"C:\Users\Admin\Downloads\Blaster.E.exe"

C:\Users\Admin\Downloads\Blaster.A.exe

"C:\Users\Admin\Downloads\Blaster.A.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6764 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7152 /prefetch:8

C:\Users\Admin\Downloads\Fagot.a.exe

"C:\Users\Admin\Downloads\Fagot.a.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3356 /prefetch:2

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2468 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 15.173.189.20.in-addr.arpa udp
GB 184.28.176.58:443 www.bing.com tcp
US 8.8.8.8:53 58.176.28.184.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:80 discord.com tcp
US 162.159.128.233:80 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 cdn.prod.website-files.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 cdn.localizeapi.com udp
US 162.159.133.233:443 cdn.discordapp.com tcp
US 104.18.29.203:443 cdn.prod.website-files.com tcp
US 172.67.41.53:443 cdn.localizeapi.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 23.200.147.41:80 apps.identrust.com tcp
US 8.8.8.8:53 d3e54v103j8qbb.cloudfront.net udp
GB 18.245.246.151:443 d3e54v103j8qbb.cloudfront.net tcp
US 8.8.8.8:53 assets.website-files.com udp
ES 18.172.213.106:443 assets.website-files.com tcp
ES 18.172.213.106:443 assets.website-files.com tcp
ES 18.172.213.106:443 assets.website-files.com tcp
ES 18.172.213.106:443 assets.website-files.com tcp
ES 18.172.213.106:443 assets.website-files.com tcp
US 8.8.8.8:53 233.128.159.162.in-addr.arpa udp
US 8.8.8.8:53 67.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 233.133.159.162.in-addr.arpa udp
US 8.8.8.8:53 203.29.18.104.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 41.147.200.23.in-addr.arpa udp
US 8.8.8.8:53 151.246.245.18.in-addr.arpa udp
US 8.8.8.8:53 53.41.67.172.in-addr.arpa udp
US 104.18.29.203:443 cdn.prod.website-files.com tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 106.213.172.18.in-addr.arpa udp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 6.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
FR 142.250.75.238:443 www.youtube.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
FR 142.250.75.238:443 www.youtube.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 238.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 168.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 184.28.176.90:443 th.bing.com tcp
GB 184.28.176.112:443 th.bing.com tcp
GB 184.28.176.112:443 th.bing.com tcp
GB 184.28.176.90:443 th.bing.com tcp
US 8.8.8.8:53 90.176.28.184.in-addr.arpa udp
US 8.8.8.8:53 112.176.28.184.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.71:443 login.microsoftonline.com tcp
US 8.8.8.8:53 services.bingapis.com udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 8.8.8.8:53 89.33.18.104.in-addr.arpa udp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.111.133:443 user-images.githubusercontent.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 140.82.113.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 0.tcp.ngrok.io udp
US 3.134.39.220:19521 0.tcp.ngrok.io tcp
US 3.134.39.220:19521 0.tcp.ngrok.io tcp
US 3.134.39.220:19521 0.tcp.ngrok.io tcp
US 3.134.39.220:19521 0.tcp.ngrok.io tcp
GB 20.26.156.210:443 api.github.com tcp
US 3.134.39.220:19521 0.tcp.ngrok.io tcp
US 3.134.39.220:19521 0.tcp.ngrok.io tcp
US 3.134.39.220:19521 0.tcp.ngrok.io tcp
US 3.134.39.220:19521 0.tcp.ngrok.io tcp
US 3.134.39.220:19521 0.tcp.ngrok.io tcp
US 3.134.39.220:19521 0.tcp.ngrok.io tcp
US 3.134.39.220:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 0.tcp.ngrok.io udp
US 3.13.191.225:19521 0.tcp.ngrok.io tcp
US 3.13.191.225:19521 0.tcp.ngrok.io tcp
US 3.13.191.225:19521 0.tcp.ngrok.io tcp
US 3.13.191.225:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 3.13.191.225:19521 0.tcp.ngrok.io tcp
US 3.13.191.225:19521 0.tcp.ngrok.io tcp
US 3.13.191.225:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 0.tcp.ngrok.io udp
US 3.14.182.203:19521 0.tcp.ngrok.io tcp
US 3.14.182.203:19521 0.tcp.ngrok.io tcp
US 3.14.182.203:19521 0.tcp.ngrok.io tcp
US 3.14.182.203:19521 0.tcp.ngrok.io tcp
US 3.14.182.203:19521 0.tcp.ngrok.io tcp
US 3.14.182.203:19521 0.tcp.ngrok.io tcp
US 3.14.182.203:19521 0.tcp.ngrok.io tcp
US 3.14.182.203:19521 0.tcp.ngrok.io tcp
US 3.14.182.203:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 0.tcp.ngrok.io udp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 0.tcp.ngrok.io udp
US 3.22.30.40:19521 0.tcp.ngrok.io tcp
US 3.22.30.40:19521 0.tcp.ngrok.io tcp
US 3.22.30.40:19521 0.tcp.ngrok.io tcp
US 3.22.30.40:19521 0.tcp.ngrok.io tcp
US 3.22.30.40:19521 0.tcp.ngrok.io tcp
US 3.22.30.40:19521 0.tcp.ngrok.io tcp
US 3.22.30.40:19521 0.tcp.ngrok.io tcp
US 3.22.30.40:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 3.22.30.40:19521 0.tcp.ngrok.io tcp
US 3.22.30.40:19521 0.tcp.ngrok.io tcp
US 3.22.30.40:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 0.tcp.ngrok.io udp
US 3.134.39.220:19521 0.tcp.ngrok.io tcp
US 3.134.39.220:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 0.tcp.ngrok.io udp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 0.tcp.ngrok.io udp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
TR 5.47.122.1:135 tcp
TR 5.47.122.2:135 tcp
TR 5.47.122.3:135 tcp
TR 5.47.122.4:135 tcp
US 8.8.8.8:53 windowsupdate.com udp
TR 5.47.122.5:135 tcp
TR 5.47.122.6:135 tcp
TR 5.47.122.7:135 tcp
TR 5.47.122.8:135 tcp
TR 5.47.122.9:135 tcp
TR 5.47.122.10:135 tcp
TR 5.47.122.11:135 tcp
TR 5.47.122.12:135 tcp
TR 5.47.122.13:135 tcp
TR 5.47.122.14:135 tcp
TR 5.47.122.15:135 tcp
TR 5.47.122.16:135 tcp
TR 5.47.122.17:135 tcp
TR 5.47.122.18:135 tcp
TR 5.47.122.19:135 tcp
TR 5.47.122.20:135 tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 71.172.229.1:135 tcp
US 71.172.229.2:135 tcp
US 71.172.229.3:135 tcp
US 71.172.229.4:135 tcp
US 71.172.229.5:135 tcp
US 71.172.229.6:135 tcp
US 71.172.229.7:135 tcp
US 71.172.229.8:135 tcp
US 71.172.229.9:135 tcp
US 71.172.229.10:135 tcp
US 71.172.229.11:135 tcp
US 71.172.229.12:135 tcp
US 71.172.229.13:135 tcp
US 71.172.229.14:135 tcp
US 71.172.229.15:135 tcp
US 71.172.229.16:135 tcp
US 71.172.229.17:135 tcp
US 71.172.229.18:135 tcp
US 71.172.229.19:135 tcp
US 71.172.229.20:135 tcp
US 8.8.8.8:53 kimble.org udp
TR 5.47.122.21:135 tcp
TR 5.47.122.22:135 tcp
TR 5.47.122.23:135 tcp
TR 5.47.122.24:135 tcp
TR 5.47.122.25:135 tcp
TR 5.47.122.26:135 tcp
TR 5.47.122.27:135 tcp
TR 5.47.122.28:135 tcp
TR 5.47.122.29:135 tcp
TR 5.47.122.30:135 tcp
TR 5.47.122.31:135 tcp
TR 5.47.122.32:135 tcp
TR 5.47.122.33:135 tcp
TR 5.47.122.34:135 tcp
TR 5.47.122.35:135 tcp
TR 5.47.122.36:135 tcp
TR 5.47.122.37:135 tcp
TR 5.47.122.38:135 tcp
TR 5.47.122.39:135 tcp
TR 5.47.122.40:135 tcp
US 71.172.229.21:135 tcp
US 71.172.229.22:135 tcp
US 71.172.229.23:135 tcp
US 71.172.229.24:135 tcp
US 71.172.229.25:135 tcp
US 71.172.229.26:135 tcp
US 71.172.229.27:135 tcp
US 71.172.229.28:135 tcp
US 71.172.229.29:135 tcp
US 71.172.229.30:135 tcp
US 71.172.229.31:135 tcp
US 71.172.229.32:135 tcp
US 71.172.229.33:135 tcp
US 71.172.229.34:135 tcp
US 71.172.229.35:135 tcp
US 71.172.229.36:135 tcp
US 71.172.229.37:135 tcp
US 71.172.229.38:135 tcp
US 71.172.229.39:135 tcp
US 71.172.229.40:135 tcp
TR 5.47.122.41:135 tcp
TR 5.47.122.42:135 tcp
TR 5.47.122.43:135 tcp
TR 5.47.122.44:135 tcp
TR 5.47.122.45:135 tcp
TR 5.47.122.46:135 tcp
TR 5.47.122.47:135 tcp
TR 5.47.122.48:135 tcp
TR 5.47.122.49:135 tcp
TR 5.47.122.50:135 tcp
TR 5.47.122.51:135 tcp
TR 5.47.122.52:135 tcp
TR 5.47.122.53:135 tcp
TR 5.47.122.54:135 tcp
TR 5.47.122.55:135 tcp
TR 5.47.122.56:135 tcp
TR 5.47.122.57:135 tcp
TR 5.47.122.58:135 tcp
TR 5.47.122.59:135 tcp
TR 5.47.122.60:135 tcp
US 71.172.229.41:135 tcp
US 71.172.229.42:135 tcp
US 71.172.229.43:135 tcp
US 71.172.229.44:135 tcp
US 71.172.229.45:135 tcp
US 71.172.229.46:135 tcp
US 71.172.229.47:135 tcp
US 71.172.229.48:135 tcp
US 71.172.229.49:135 tcp
US 71.172.229.50:135 tcp
US 71.172.229.51:135 tcp
US 71.172.229.52:135 tcp
US 71.172.229.53:135 tcp
US 71.172.229.54:135 tcp
US 71.172.229.55:135 tcp
US 71.172.229.56:135 tcp
US 71.172.229.57:135 tcp
US 71.172.229.58:135 tcp
US 71.172.229.59:135 tcp
US 71.172.229.60:135 tcp
TR 5.47.122.61:135 tcp
TR 5.47.122.62:135 tcp
TR 5.47.122.63:135 tcp
TR 5.47.122.64:135 tcp
TR 5.47.122.65:135 tcp
TR 5.47.122.66:135 tcp
TR 5.47.122.67:135 tcp
TR 5.47.122.68:135 tcp
TR 5.47.122.69:135 tcp
TR 5.47.122.70:135 tcp
TR 5.47.122.71:135 tcp
TR 5.47.122.72:135 tcp
TR 5.47.122.73:135 tcp
TR 5.47.122.74:135 tcp
TR 5.47.122.75:135 tcp
TR 5.47.122.76:135 tcp
TR 5.47.122.77:135 tcp
TR 5.47.122.78:135 tcp
TR 5.47.122.79:135 tcp
TR 5.47.122.80:135 tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 71.172.229.61:135 tcp
US 71.172.229.62:135 tcp
US 71.172.229.63:135 tcp
US 71.172.229.64:135 tcp
US 71.172.229.65:135 tcp
US 71.172.229.66:135 tcp
US 71.172.229.67:135 tcp
US 71.172.229.68:135 tcp
US 71.172.229.69:135 tcp
US 71.172.229.70:135 tcp
US 71.172.229.71:135 tcp
US 71.172.229.72:135 tcp
US 71.172.229.73:135 tcp
US 71.172.229.74:135 tcp
US 71.172.229.75:135 tcp
US 71.172.229.76:135 tcp
US 71.172.229.77:135 tcp
US 71.172.229.78:135 tcp
US 71.172.229.79:135 tcp
US 71.172.229.80:135 tcp
TR 5.47.122.81:135 tcp
TR 5.47.122.82:135 tcp
TR 5.47.122.83:135 tcp
TR 5.47.122.84:135 tcp
TR 5.47.122.85:135 tcp
TR 5.47.122.86:135 tcp
TR 5.47.122.87:135 tcp
TR 5.47.122.88:135 tcp
TR 5.47.122.89:135 tcp
TR 5.47.122.90:135 tcp
TR 5.47.122.91:135 tcp
TR 5.47.122.92:135 tcp
TR 5.47.122.93:135 tcp
TR 5.47.122.94:135 tcp
TR 5.47.122.95:135 tcp
TR 5.47.122.96:135 tcp
TR 5.47.122.97:135 tcp
TR 5.47.122.98:135 tcp
TR 5.47.122.99:135 tcp
TR 5.47.122.100:135 tcp
US 71.172.229.81:135 tcp
US 71.172.229.82:135 tcp
US 71.172.229.83:135 tcp
US 71.172.229.84:135 tcp
US 71.172.229.85:135 tcp
US 71.172.229.86:135 tcp
US 71.172.229.87:135 tcp
US 71.172.229.88:135 tcp
US 71.172.229.89:135 tcp
US 71.172.229.90:135 tcp
US 71.172.229.91:135 tcp
US 71.172.229.92:135 tcp
US 71.172.229.93:135 tcp
US 71.172.229.94:135 tcp
US 71.172.229.95:135 tcp
US 71.172.229.96:135 tcp
US 71.172.229.97:135 tcp
US 71.172.229.98:135 tcp
US 71.172.229.99:135 tcp
US 71.172.229.100:135 tcp
TR 5.47.122.101:135 tcp
TR 5.47.122.102:135 tcp
TR 5.47.122.103:135 tcp
TR 5.47.122.104:135 tcp
TR 5.47.122.105:135 tcp
TR 5.47.122.106:135 tcp
TR 5.47.122.107:135 tcp
TR 5.47.122.108:135 tcp
TR 5.47.122.109:135 tcp
TR 5.47.122.110:135 tcp
TR 5.47.122.111:135 tcp
TR 5.47.122.112:135 tcp
TR 5.47.122.113:135 tcp
TR 5.47.122.114:135 tcp
TR 5.47.122.115:135 tcp
TR 5.47.122.116:135 tcp
TR 5.47.122.117:135 tcp
TR 5.47.122.118:135 tcp
TR 5.47.122.119:135 tcp
TR 5.47.122.120:135 tcp
US 71.172.229.101:135 tcp
US 71.172.229.102:135 tcp
US 71.172.229.103:135 tcp
US 71.172.229.104:135 tcp
US 71.172.229.105:135 tcp
US 71.172.229.106:135 tcp
US 71.172.229.107:135 tcp
US 71.172.229.108:135 tcp
US 71.172.229.109:135 tcp
US 71.172.229.110:135 tcp
US 71.172.229.111:135 tcp
US 71.172.229.112:135 tcp
US 71.172.229.113:135 tcp
US 71.172.229.114:135 tcp
US 71.172.229.115:135 tcp
US 71.172.229.116:135 tcp
US 71.172.229.117:135 tcp
US 71.172.229.118:135 tcp
US 71.172.229.119:135 tcp
US 71.172.229.120:135 tcp
TR 5.47.122.121:135 tcp
TR 5.47.122.122:135 tcp
TR 5.47.122.123:135 tcp
TR 5.47.122.124:135 tcp
TR 5.47.122.125:135 tcp
TR 5.47.122.126:135 tcp
TR 5.47.122.127:135 tcp
TR 5.47.122.128:135 tcp
TR 5.47.122.129:135 tcp
TR 5.47.122.130:135 tcp
TR 5.47.122.131:135 tcp
TR 5.47.122.132:135 tcp
TR 5.47.122.133:135 tcp
TR 5.47.122.134:135 tcp
TR 5.47.122.135:135 tcp
TR 5.47.122.136:135 tcp
TR 5.47.122.137:135 tcp
TR 5.47.122.138:135 tcp
TR 5.47.122.139:135 tcp
TR 5.47.122.140:135 tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 71.172.229.121:135 tcp
US 71.172.229.122:135 tcp
US 71.172.229.123:135 tcp
US 71.172.229.124:135 tcp
US 71.172.229.125:135 tcp
US 71.172.229.126:135 tcp
US 71.172.229.127:135 tcp
US 71.172.229.128:135 tcp
US 71.172.229.129:135 tcp
US 71.172.229.130:135 tcp
US 71.172.229.131:135 tcp
US 71.172.229.132:135 tcp
US 71.172.229.133:135 tcp
US 71.172.229.134:135 tcp
US 71.172.229.135:135 tcp
US 71.172.229.136:135 tcp
US 71.172.229.137:135 tcp
US 71.172.229.138:135 tcp
US 71.172.229.139:135 tcp
US 71.172.229.140:135 tcp
TR 5.47.122.141:135 tcp
TR 5.47.122.142:135 tcp
TR 5.47.122.143:135 tcp
TR 5.47.122.144:135 tcp
TR 5.47.122.145:135 tcp
TR 5.47.122.146:135 tcp
TR 5.47.122.147:135 tcp
TR 5.47.122.148:135 tcp
TR 5.47.122.149:135 tcp
TR 5.47.122.150:135 tcp
TR 5.47.122.151:135 tcp
TR 5.47.122.152:135 tcp
TR 5.47.122.153:135 tcp
TR 5.47.122.154:135 tcp
TR 5.47.122.155:135 tcp
TR 5.47.122.156:135 tcp
TR 5.47.122.157:135 tcp
TR 5.47.122.158:135 tcp
TR 5.47.122.159:135 tcp
TR 5.47.122.160:135 tcp
US 71.172.229.141:135 tcp
US 71.172.229.142:135 tcp
US 71.172.229.143:135 tcp
US 71.172.229.144:135 tcp
US 71.172.229.145:135 tcp
US 71.172.229.146:135 tcp
US 71.172.229.147:135 tcp
US 71.172.229.148:135 tcp
US 71.172.229.149:135 tcp
US 71.172.229.150:135 tcp
US 71.172.229.151:135 tcp
US 71.172.229.152:135 tcp
US 71.172.229.153:135 tcp
US 71.172.229.154:135 tcp
US 71.172.229.155:135 tcp
US 71.172.229.156:135 tcp
US 71.172.229.157:135 tcp
US 71.172.229.158:135 tcp
US 71.172.229.159:135 tcp
US 71.172.229.160:135 tcp
TR 5.47.122.161:135 tcp
TR 5.47.122.162:135 tcp
TR 5.47.122.163:135 tcp
TR 5.47.122.164:135 tcp
TR 5.47.122.165:135 tcp
TR 5.47.122.166:135 tcp
TR 5.47.122.167:135 tcp
TR 5.47.122.168:135 tcp
TR 5.47.122.169:135 tcp
TR 5.47.122.170:135 tcp
TR 5.47.122.171:135 tcp
TR 5.47.122.172:135 tcp
TR 5.47.122.173:135 tcp
TR 5.47.122.174:135 tcp
TR 5.47.122.175:135 tcp
TR 5.47.122.176:135 tcp
TR 5.47.122.177:135 tcp
TR 5.47.122.178:135 tcp
TR 5.47.122.179:135 tcp
TR 5.47.122.180:135 tcp
US 71.172.229.161:135 tcp
US 71.172.229.162:135 tcp
US 71.172.229.163:135 tcp
US 71.172.229.164:135 tcp
US 71.172.229.165:135 tcp
US 71.172.229.166:135 tcp
US 71.172.229.167:135 tcp
US 71.172.229.168:135 tcp
US 71.172.229.169:135 tcp
US 71.172.229.170:135 tcp
US 71.172.229.171:135 tcp
US 71.172.229.172:135 tcp
US 71.172.229.173:135 tcp
US 71.172.229.174:135 tcp
US 71.172.229.175:135 tcp
US 71.172.229.176:135 tcp
US 71.172.229.177:135 tcp
US 71.172.229.178:135 tcp
US 71.172.229.179:135 tcp
US 71.172.229.180:135 tcp
TR 5.47.122.181:135 tcp
TR 5.47.122.182:135 tcp
TR 5.47.122.183:135 tcp
TR 5.47.122.184:135 tcp
TR 5.47.122.185:135 tcp
TR 5.47.122.186:135 tcp
TR 5.47.122.187:135 tcp
TR 5.47.122.188:135 tcp
TR 5.47.122.189:135 tcp
TR 5.47.122.190:135 tcp
TR 5.47.122.191:135 tcp
TR 5.47.122.192:135 tcp
TR 5.47.122.193:135 tcp
TR 5.47.122.194:135 tcp
TR 5.47.122.195:135 tcp
TR 5.47.122.196:135 tcp
TR 5.47.122.197:135 tcp
TR 5.47.122.198:135 tcp
TR 5.47.122.199:135 tcp
TR 5.47.122.200:135 tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 71.172.229.181:135 tcp
US 71.172.229.182:135 tcp
US 71.172.229.183:135 tcp
US 71.172.229.184:135 tcp
US 71.172.229.185:135 tcp
US 71.172.229.186:135 tcp
US 71.172.229.187:135 tcp
US 71.172.229.188:135 tcp
US 71.172.229.189:135 tcp
US 71.172.229.190:135 tcp
US 71.172.229.191:135 tcp
US 71.172.229.192:135 tcp
US 71.172.229.193:135 tcp
US 71.172.229.194:135 tcp
US 71.172.229.195:135 tcp
US 71.172.229.196:135 tcp
US 71.172.229.197:135 tcp
US 71.172.229.198:135 tcp
US 71.172.229.199:135 tcp
US 71.172.229.200:135 tcp
TR 5.47.122.201:135 tcp
TR 5.47.122.202:135 tcp
TR 5.47.122.203:135 tcp
TR 5.47.122.204:135 tcp
TR 5.47.122.205:135 tcp
TR 5.47.122.206:135 tcp
TR 5.47.122.207:135 tcp
TR 5.47.122.208:135 tcp
TR 5.47.122.209:135 tcp
TR 5.47.122.210:135 tcp
TR 5.47.122.211:135 tcp
TR 5.47.122.212:135 tcp
TR 5.47.122.213:135 tcp
TR 5.47.122.214:135 tcp
TR 5.47.122.215:135 tcp
TR 5.47.122.216:135 tcp
TR 5.47.122.217:135 tcp
TR 5.47.122.218:135 tcp
TR 5.47.122.219:135 tcp
TR 5.47.122.220:135 tcp
US 71.172.229.201:135 tcp
US 71.172.229.202:135 tcp
US 71.172.229.203:135 tcp
US 71.172.229.204:135 tcp
US 71.172.229.205:135 tcp
US 71.172.229.206:135 tcp
US 71.172.229.207:135 tcp
US 71.172.229.208:135 tcp
US 71.172.229.209:135 tcp
US 71.172.229.210:135 tcp
US 71.172.229.211:135 tcp
US 71.172.229.212:135 tcp
US 71.172.229.213:135 tcp
US 71.172.229.214:135 tcp
US 71.172.229.215:135 tcp
US 71.172.229.216:135 tcp
US 71.172.229.217:135 tcp
US 71.172.229.218:135 tcp
US 71.172.229.219:135 tcp
US 71.172.229.220:135 tcp
TR 5.47.122.221:135 tcp
TR 5.47.122.222:135 tcp
TR 5.47.122.223:135 tcp
TR 5.47.122.224:135 tcp
TR 5.47.122.225:135 tcp
TR 5.47.122.226:135 tcp
TR 5.47.122.227:135 tcp
TR 5.47.122.228:135 tcp
TR 5.47.122.229:135 tcp
TR 5.47.122.230:135 tcp
TR 5.47.122.231:135 tcp
TR 5.47.122.232:135 tcp
TR 5.47.122.233:135 tcp
TR 5.47.122.234:135 tcp
TR 5.47.122.235:135 tcp
TR 5.47.122.236:135 tcp
TR 5.47.122.237:135 tcp
TR 5.47.122.238:135 tcp
TR 5.47.122.239:135 tcp
TR 5.47.122.240:135 tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 71.172.229.221:135 tcp
US 71.172.229.222:135 tcp
US 71.172.229.223:135 tcp
US 71.172.229.224:135 tcp
US 71.172.229.225:135 tcp
US 71.172.229.226:135 tcp
US 71.172.229.227:135 tcp
US 71.172.229.228:135 tcp
US 71.172.229.229:135 tcp
US 71.172.229.230:135 tcp
US 71.172.229.231:135 tcp
US 71.172.229.232:135 tcp
US 71.172.229.233:135 tcp
US 71.172.229.234:135 tcp
US 71.172.229.235:135 tcp
US 71.172.229.236:135 tcp
US 71.172.229.237:135 tcp
US 71.172.229.238:135 tcp
US 71.172.229.239:135 tcp
US 71.172.229.240:135 tcp
TR 5.47.122.241:135 tcp
TR 5.47.122.242:135 tcp
TR 5.47.122.243:135 tcp
TR 5.47.122.244:135 tcp
TR 5.47.122.245:135 tcp
TR 5.47.122.246:135 tcp
TR 5.47.122.247:135 tcp
TR 5.47.122.248:135 tcp
TR 5.47.122.249:135 tcp
TR 5.47.122.250:135 tcp
TR 5.47.122.251:135 tcp
TR 5.47.122.252:135 tcp
TR 5.47.122.253:135 tcp
TR 5.47.122.254:135 tcp
TR 5.47.122.255:135 tcp
TR 5.47.123.0:135 tcp
TR 5.47.123.1:135 tcp
TR 5.47.123.2:135 tcp
TR 5.47.123.3:135 tcp
TR 5.47.123.4:135 tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 71.172.229.241:135 tcp
US 71.172.229.242:135 tcp
US 71.172.229.243:135 tcp
US 71.172.229.244:135 tcp
US 71.172.229.245:135 tcp
US 71.172.229.246:135 tcp
US 71.172.229.247:135 tcp
US 71.172.229.248:135 tcp
US 71.172.229.249:135 tcp
US 71.172.229.250:135 tcp
US 71.172.229.251:135 tcp
US 71.172.229.252:135 tcp
US 71.172.229.253:135 tcp
US 71.172.229.254:135 tcp
US 71.172.229.255:135 tcp
US 71.172.230.0:135 tcp
US 71.172.230.1:135 tcp
US 71.172.230.2:135 tcp
US 71.172.230.3:135 tcp
US 71.172.230.4:135 tcp
TR 5.47.123.5:135 tcp
TR 5.47.123.6:135 tcp
TR 5.47.123.7:135 tcp
TR 5.47.123.8:135 tcp
TR 5.47.123.9:135 tcp
TR 5.47.123.10:135 tcp
TR 5.47.123.11:135 tcp
TR 5.47.123.12:135 tcp
TR 5.47.123.13:135 tcp
TR 5.47.123.14:135 tcp
TR 5.47.123.15:135 tcp
TR 5.47.123.16:135 tcp
TR 5.47.123.17:135 tcp
TR 5.47.123.18:135 tcp
TR 5.47.123.19:135 tcp
TR 5.47.123.20:135 tcp
TR 5.47.123.21:135 tcp
TR 5.47.123.22:135 tcp
TR 5.47.123.23:135 tcp
TR 5.47.123.24:135 tcp
US 71.172.230.5:135 tcp
US 71.172.230.6:135 tcp
US 71.172.230.7:135 tcp
US 71.172.230.8:135 tcp
US 71.172.230.9:135 tcp
US 71.172.230.10:135 tcp
US 71.172.230.11:135 tcp
US 71.172.230.12:135 tcp
US 71.172.230.13:135 tcp
US 71.172.230.14:135 tcp
US 71.172.230.15:135 tcp
US 71.172.230.16:135 tcp
US 71.172.230.17:135 tcp
US 71.172.230.18:135 tcp
US 71.172.230.19:135 tcp
US 71.172.230.20:135 tcp
US 71.172.230.21:135 tcp
US 71.172.230.22:135 tcp
US 71.172.230.23:135 tcp
US 71.172.230.24:135 tcp
TR 5.47.123.25:135 tcp
TR 5.47.123.26:135 tcp
TR 5.47.123.27:135 tcp
TR 5.47.123.28:135 tcp
TR 5.47.123.29:135 tcp
TR 5.47.123.30:135 tcp
TR 5.47.123.31:135 tcp
TR 5.47.123.32:135 tcp
TR 5.47.123.33:135 tcp
TR 5.47.123.34:135 tcp
TR 5.47.123.35:135 tcp
TR 5.47.123.36:135 tcp
TR 5.47.123.37:135 tcp
TR 5.47.123.38:135 tcp
TR 5.47.123.39:135 tcp
TR 5.47.123.40:135 tcp
TR 5.47.123.41:135 tcp
TR 5.47.123.42:135 tcp
TR 5.47.123.43:135 tcp
TR 5.47.123.44:135 tcp
US 71.172.230.25:135 tcp
US 71.172.230.26:135 tcp
US 71.172.230.27:135 tcp
US 71.172.230.28:135 tcp
US 71.172.230.29:135 tcp
US 71.172.230.30:135 tcp
US 71.172.230.31:135 tcp
US 71.172.230.32:135 tcp
US 71.172.230.33:135 tcp
US 71.172.230.34:135 tcp
US 71.172.230.35:135 tcp
US 71.172.230.36:135 tcp
US 71.172.230.37:135 tcp
US 71.172.230.38:135 tcp
US 71.172.230.39:135 tcp
US 71.172.230.40:135 tcp
US 71.172.230.41:135 tcp
US 71.172.230.42:135 tcp
US 71.172.230.43:135 tcp
US 71.172.230.44:135 tcp
TR 5.47.123.45:135 tcp
TR 5.47.123.46:135 tcp
TR 5.47.123.47:135 tcp
TR 5.47.123.48:135 tcp
TR 5.47.123.49:135 tcp
TR 5.47.123.50:135 tcp
TR 5.47.123.51:135 tcp
TR 5.47.123.52:135 tcp
TR 5.47.123.53:135 tcp
TR 5.47.123.54:135 tcp
TR 5.47.123.55:135 tcp
TR 5.47.123.56:135 tcp
TR 5.47.123.57:135 tcp
TR 5.47.123.58:135 tcp
TR 5.47.123.59:135 tcp
TR 5.47.123.60:135 tcp
TR 5.47.123.61:135 tcp
TR 5.47.123.62:135 tcp
TR 5.47.123.63:135 tcp
TR 5.47.123.64:135 tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 71.172.230.45:135 tcp
US 71.172.230.46:135 tcp
US 71.172.230.47:135 tcp
US 71.172.230.48:135 tcp
US 71.172.230.49:135 tcp
US 71.172.230.50:135 tcp
US 71.172.230.51:135 tcp
US 71.172.230.52:135 tcp
US 71.172.230.53:135 tcp
US 71.172.230.54:135 tcp
US 71.172.230.55:135 tcp
US 71.172.230.56:135 tcp
US 71.172.230.57:135 tcp
US 71.172.230.58:135 tcp
US 71.172.230.59:135 tcp
US 71.172.230.60:135 tcp
US 71.172.230.61:135 tcp
US 71.172.230.62:135 tcp
US 71.172.230.63:135 tcp
US 71.172.230.64:135 tcp
TR 5.47.123.65:135 tcp
TR 5.47.123.66:135 tcp
TR 5.47.123.67:135 tcp
TR 5.47.123.68:135 tcp
TR 5.47.123.69:135 tcp
TR 5.47.123.70:135 tcp
TR 5.47.123.71:135 tcp
TR 5.47.123.72:135 tcp
TR 5.47.123.73:135 tcp
TR 5.47.123.74:135 tcp
TR 5.47.123.75:135 tcp
TR 5.47.123.76:135 tcp
TR 5.47.123.77:135 tcp
TR 5.47.123.78:135 tcp
TR 5.47.123.79:135 tcp
TR 5.47.123.80:135 tcp
TR 5.47.123.81:135 tcp
TR 5.47.123.82:135 tcp
TR 5.47.123.83:135 tcp
TR 5.47.123.84:135 tcp
US 71.172.230.65:135 tcp
US 71.172.230.66:135 tcp
US 71.172.230.67:135 tcp
US 71.172.230.68:135 tcp
US 71.172.230.69:135 tcp
US 71.172.230.70:135 tcp
US 71.172.230.71:135 tcp
US 71.172.230.72:135 tcp
US 71.172.230.73:135 tcp
US 71.172.230.74:135 tcp
US 71.172.230.75:135 tcp
US 71.172.230.76:135 tcp
US 71.172.230.77:135 tcp
US 71.172.230.78:135 tcp
US 71.172.230.79:135 tcp
US 71.172.230.80:135 tcp
US 71.172.230.81:135 tcp
US 71.172.230.82:135 tcp
US 71.172.230.83:135 tcp
US 71.172.230.84:135 tcp
TR 5.47.123.85:135 tcp
TR 5.47.123.86:135 tcp
TR 5.47.123.87:135 tcp
TR 5.47.123.88:135 tcp
TR 5.47.123.89:135 tcp
TR 5.47.123.90:135 tcp
TR 5.47.123.91:135 tcp
TR 5.47.123.92:135 tcp
TR 5.47.123.93:135 tcp
TR 5.47.123.94:135 tcp
TR 5.47.123.95:135 tcp
TR 5.47.123.96:135 tcp
TR 5.47.123.97:135 tcp
TR 5.47.123.98:135 tcp
TR 5.47.123.99:135 tcp
TR 5.47.123.100:135 tcp
TR 5.47.123.101:135 tcp
TR 5.47.123.102:135 tcp
TR 5.47.123.103:135 tcp
TR 5.47.123.104:135 tcp
US 71.172.230.85:135 tcp
US 71.172.230.86:135 tcp
US 71.172.230.87:135 tcp
US 71.172.230.88:135 tcp
US 71.172.230.89:135 tcp
US 71.172.230.90:135 tcp
US 71.172.230.91:135 tcp
US 71.172.230.92:135 tcp
US 71.172.230.93:135 tcp
US 71.172.230.94:135 tcp
US 71.172.230.95:135 tcp
US 71.172.230.96:135 tcp
US 71.172.230.97:135 tcp
US 71.172.230.98:135 tcp
US 71.172.230.99:135 tcp
US 71.172.230.100:135 tcp
US 71.172.230.101:135 tcp
US 71.172.230.102:135 tcp
US 71.172.230.103:135 tcp
US 71.172.230.104:135 tcp
TR 5.47.123.105:135 tcp
TR 5.47.123.106:135 tcp
TR 5.47.123.107:135 tcp
TR 5.47.123.108:135 tcp
TR 5.47.123.109:135 tcp
TR 5.47.123.110:135 tcp
TR 5.47.123.111:135 tcp
TR 5.47.123.112:135 tcp
TR 5.47.123.113:135 tcp
TR 5.47.123.114:135 tcp
TR 5.47.123.115:135 tcp
TR 5.47.123.116:135 tcp
TR 5.47.123.117:135 tcp
TR 5.47.123.118:135 tcp
TR 5.47.123.119:135 tcp
TR 5.47.123.120:135 tcp
TR 5.47.123.121:135 tcp
TR 5.47.123.122:135 tcp
TR 5.47.123.123:135 tcp
TR 5.47.123.124:135 tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 71.172.230.105:135 tcp
US 71.172.230.106:135 tcp
US 71.172.230.107:135 tcp
US 71.172.230.108:135 tcp
US 71.172.230.109:135 tcp
US 71.172.230.110:135 tcp
US 71.172.230.111:135 tcp
US 71.172.230.112:135 tcp
US 71.172.230.113:135 tcp
US 71.172.230.114:135 tcp
US 71.172.230.115:135 tcp
US 71.172.230.116:135 tcp
US 71.172.230.117:135 tcp
US 71.172.230.118:135 tcp
US 71.172.230.119:135 tcp
US 71.172.230.120:135 tcp
US 71.172.230.121:135 tcp
US 71.172.230.122:135 tcp
US 71.172.230.123:135 tcp
US 71.172.230.124:135 tcp
TR 5.47.123.125:135 tcp
TR 5.47.123.126:135 tcp
TR 5.47.123.127:135 tcp
TR 5.47.123.128:135 tcp
TR 5.47.123.129:135 tcp
TR 5.47.123.130:135 tcp
TR 5.47.123.131:135 tcp
TR 5.47.123.132:135 tcp
TR 5.47.123.133:135 tcp
TR 5.47.123.134:135 tcp
TR 5.47.123.135:135 tcp
TR 5.47.123.136:135 tcp
TR 5.47.123.137:135 tcp
TR 5.47.123.138:135 tcp
TR 5.47.123.139:135 tcp
TR 5.47.123.140:135 tcp
TR 5.47.123.141:135 tcp
TR 5.47.123.142:135 tcp
TR 5.47.123.143:135 tcp
TR 5.47.123.144:135 tcp
US 71.172.230.125:135 tcp
US 71.172.230.126:135 tcp
US 71.172.230.127:135 tcp
US 71.172.230.128:135 tcp
US 71.172.230.129:135 tcp
US 71.172.230.130:135 tcp
US 71.172.230.131:135 tcp
US 71.172.230.132:135 tcp
US 71.172.230.133:135 tcp
US 71.172.230.134:135 tcp
US 71.172.230.135:135 tcp
US 71.172.230.136:135 tcp
US 71.172.230.137:135 tcp
US 71.172.230.138:135 tcp
US 71.172.230.139:135 tcp
US 71.172.230.140:135 tcp
US 71.172.230.141:135 tcp
US 71.172.230.142:135 tcp
US 71.172.230.143:135 tcp
US 71.172.230.144:135 tcp
TR 5.47.123.145:135 tcp
TR 5.47.123.146:135 tcp
TR 5.47.123.147:135 tcp
TR 5.47.123.148:135 tcp
TR 5.47.123.149:135 tcp
TR 5.47.123.150:135 tcp
TR 5.47.123.151:135 tcp
TR 5.47.123.152:135 tcp
TR 5.47.123.153:135 tcp
TR 5.47.123.154:135 tcp
TR 5.47.123.155:135 tcp
TR 5.47.123.156:135 tcp
TR 5.47.123.157:135 tcp
TR 5.47.123.158:135 tcp
TR 5.47.123.159:135 tcp
TR 5.47.123.160:135 tcp
TR 5.47.123.161:135 tcp
TR 5.47.123.162:135 tcp
TR 5.47.123.163:135 tcp
TR 5.47.123.164:135 tcp
US 71.172.230.145:135 tcp
US 71.172.230.146:135 tcp
US 71.172.230.147:135 tcp
US 71.172.230.148:135 tcp
US 71.172.230.149:135 tcp
US 71.172.230.150:135 tcp
US 71.172.230.151:135 tcp
US 71.172.230.152:135 tcp
US 71.172.230.153:135 tcp
US 71.172.230.154:135 tcp
US 71.172.230.155:135 tcp
US 71.172.230.156:135 tcp
US 71.172.230.157:135 tcp
US 71.172.230.158:135 tcp
US 71.172.230.159:135 tcp
US 71.172.230.160:135 tcp
US 71.172.230.161:135 tcp
US 71.172.230.162:135 tcp
US 71.172.230.163:135 tcp
US 71.172.230.164:135 tcp
TR 5.47.123.165:135 tcp
TR 5.47.123.166:135 tcp
TR 5.47.123.167:135 tcp
TR 5.47.123.168:135 tcp
TR 5.47.123.169:135 tcp
TR 5.47.123.170:135 tcp
TR 5.47.123.171:135 tcp
TR 5.47.123.172:135 tcp
TR 5.47.123.173:135 tcp
TR 5.47.123.174:135 tcp
TR 5.47.123.175:135 tcp
TR 5.47.123.176:135 tcp
TR 5.47.123.177:135 tcp
TR 5.47.123.178:135 tcp
TR 5.47.123.179:135 tcp
TR 5.47.123.180:135 tcp
TR 5.47.123.181:135 tcp
TR 5.47.123.182:135 tcp
TR 5.47.123.183:135 tcp
TR 5.47.123.184:135 tcp
US 8.8.8.8:53 0.tcp.ngrok.io udp
US 3.13.191.225:19521 0.tcp.ngrok.io tcp
US 71.172.230.165:135 tcp
US 71.172.230.166:135 tcp
US 71.172.230.167:135 tcp
US 71.172.230.168:135 tcp
US 71.172.230.169:135 tcp
US 71.172.230.170:135 tcp
US 71.172.230.171:135 tcp
US 71.172.230.172:135 tcp
US 71.172.230.173:135 tcp
US 71.172.230.174:135 tcp
US 71.172.230.175:135 tcp
US 71.172.230.176:135 tcp
US 71.172.230.177:135 tcp
US 71.172.230.178:135 tcp
US 71.172.230.179:135 tcp
US 71.172.230.180:135 tcp
US 71.172.230.181:135 tcp
US 71.172.230.182:135 tcp
US 71.172.230.183:135 tcp
US 71.172.230.184:135 tcp
TR 5.47.123.185:135 tcp
TR 5.47.123.186:135 tcp
TR 5.47.123.187:135 tcp
TR 5.47.123.188:135 tcp
TR 5.47.123.189:135 tcp
TR 5.47.123.190:135 tcp
TR 5.47.123.191:135 tcp
TR 5.47.123.192:135 tcp
TR 5.47.123.193:135 tcp
TR 5.47.123.194:135 tcp
TR 5.47.123.195:135 tcp
TR 5.47.123.196:135 tcp
TR 5.47.123.197:135 tcp
TR 5.47.123.198:135 tcp
TR 5.47.123.199:135 tcp
TR 5.47.123.200:135 tcp
TR 5.47.123.201:135 tcp
TR 5.47.123.202:135 tcp
TR 5.47.123.203:135 tcp
TR 5.47.123.204:135 tcp
US 71.172.230.185:135 tcp
US 71.172.230.186:135 tcp
US 71.172.230.187:135 tcp
US 71.172.230.188:135 tcp
US 71.172.230.189:135 tcp
US 71.172.230.190:135 tcp
US 71.172.230.191:135 tcp
US 71.172.230.192:135 tcp
US 71.172.230.193:135 tcp
US 71.172.230.194:135 tcp
US 71.172.230.195:135 tcp
US 71.172.230.196:135 tcp
US 71.172.230.197:135 tcp
US 71.172.230.198:135 tcp
US 71.172.230.199:135 tcp
US 71.172.230.200:135 tcp
US 71.172.230.201:135 tcp
US 71.172.230.202:135 tcp
US 71.172.230.203:135 tcp
US 71.172.230.204:135 tcp
TR 5.47.123.205:135 tcp
TR 5.47.123.206:135 tcp
TR 5.47.123.207:135 tcp
TR 5.47.123.208:135 tcp
TR 5.47.123.209:135 tcp
TR 5.47.123.210:135 tcp
TR 5.47.123.211:135 tcp
TR 5.47.123.212:135 tcp
TR 5.47.123.213:135 tcp
TR 5.47.123.214:135 tcp
TR 5.47.123.215:135 tcp
TR 5.47.123.216:135 tcp
TR 5.47.123.217:135 tcp
TR 5.47.123.218:135 tcp
TR 5.47.123.219:135 tcp
TR 5.47.123.220:135 tcp
TR 5.47.123.221:135 tcp
TR 5.47.123.222:135 tcp
TR 5.47.123.223:135 tcp
TR 5.47.123.224:135 tcp
US 71.172.230.205:135 tcp
US 71.172.230.206:135 tcp
US 71.172.230.207:135 tcp
US 71.172.230.208:135 tcp
US 71.172.230.209:135 tcp
US 71.172.230.210:135 tcp
US 71.172.230.211:135 tcp
US 71.172.230.212:135 tcp
US 71.172.230.213:135 tcp
US 71.172.230.214:135 tcp
US 71.172.230.215:135 tcp
US 71.172.230.216:135 tcp
US 71.172.230.217:135 tcp
US 71.172.230.218:135 tcp
US 71.172.230.219:135 tcp
US 71.172.230.220:135 tcp
US 71.172.230.221:135 tcp
US 71.172.230.222:135 tcp
US 71.172.230.223:135 tcp
US 71.172.230.224:135 tcp
TR 5.47.123.225:135 tcp
TR 5.47.123.226:135 tcp
TR 5.47.123.227:135 tcp
TR 5.47.123.228:135 tcp
TR 5.47.123.229:135 tcp
TR 5.47.123.230:135 tcp
TR 5.47.123.231:135 tcp
TR 5.47.123.232:135 tcp
TR 5.47.123.233:135 tcp
TR 5.47.123.234:135 tcp
TR 5.47.123.235:135 tcp
TR 5.47.123.236:135 tcp
TR 5.47.123.237:135 tcp
TR 5.47.123.238:135 tcp
TR 5.47.123.239:135 tcp
TR 5.47.123.240:135 tcp
TR 5.47.123.241:135 tcp
TR 5.47.123.242:135 tcp
TR 5.47.123.243:135 tcp
TR 5.47.123.244:135 tcp
US 3.13.191.225:19521 0.tcp.ngrok.io tcp
US 71.172.230.225:135 tcp
US 71.172.230.226:135 tcp
US 71.172.230.227:135 tcp
US 71.172.230.228:135 tcp
US 71.172.230.229:135 tcp
US 71.172.230.230:135 tcp
US 71.172.230.231:135 tcp
US 71.172.230.232:135 tcp
US 71.172.230.233:135 tcp
US 71.172.230.234:135 tcp
US 71.172.230.235:135 tcp
US 71.172.230.236:135 tcp
US 71.172.230.237:135 tcp
US 71.172.230.238:135 tcp
US 71.172.230.239:135 tcp
US 71.172.230.240:135 tcp
US 71.172.230.241:135 tcp
US 71.172.230.242:135 tcp
US 71.172.230.243:135 tcp
US 71.172.230.244:135 tcp
TR 5.47.123.245:135 tcp
TR 5.47.123.246:135 tcp
TR 5.47.123.247:135 tcp
TR 5.47.123.248:135 tcp
TR 5.47.123.249:135 tcp
TR 5.47.123.250:135 tcp
TR 5.47.123.251:135 tcp
TR 5.47.123.252:135 tcp
TR 5.47.123.253:135 tcp
TR 5.47.123.254:135 tcp
TR 5.47.123.255:135 tcp
TR 5.47.124.0:135 tcp
TR 5.47.124.1:135 tcp
TR 5.47.124.2:135 tcp
TR 5.47.124.3:135 tcp
TR 5.47.124.4:135 tcp
TR 5.47.124.5:135 tcp
TR 5.47.124.6:135 tcp
TR 5.47.124.7:135 tcp
TR 5.47.124.8:135 tcp
US 71.172.230.245:135 tcp
US 71.172.230.246:135 tcp
US 71.172.230.247:135 tcp
US 71.172.230.248:135 tcp
US 71.172.230.249:135 tcp
US 71.172.230.250:135 tcp
US 71.172.230.251:135 tcp
US 71.172.230.252:135 tcp
US 71.172.230.253:135 tcp
US 71.172.230.254:135 tcp
US 71.172.230.255:135 tcp
US 71.172.231.0:135 tcp
US 71.172.231.1:135 tcp
US 71.172.231.2:135 tcp
US 71.172.231.3:135 tcp
US 71.172.231.4:135 tcp
US 71.172.231.5:135 tcp
US 71.172.231.6:135 tcp
US 71.172.231.7:135 tcp
US 71.172.231.8:135 tcp
TR 5.47.124.9:135 tcp
TR 5.47.124.10:135 tcp
TR 5.47.124.11:135 tcp
TR 5.47.124.12:135 tcp
TR 5.47.124.13:135 tcp
TR 5.47.124.14:135 tcp
TR 5.47.124.15:135 tcp
TR 5.47.124.16:135 tcp
TR 5.47.124.17:135 tcp
TR 5.47.124.18:135 tcp
TR 5.47.124.19:135 tcp
TR 5.47.124.20:135 tcp
TR 5.47.124.21:135 tcp
TR 5.47.124.22:135 tcp
TR 5.47.124.23:135 tcp
TR 5.47.124.24:135 tcp
TR 5.47.124.25:135 tcp
TR 5.47.124.26:135 tcp
TR 5.47.124.27:135 tcp
TR 5.47.124.28:135 tcp
US 71.172.231.9:135 tcp
US 71.172.231.10:135 tcp
US 71.172.231.11:135 tcp
US 71.172.231.12:135 tcp
US 71.172.231.13:135 tcp
US 71.172.231.14:135 tcp
US 71.172.231.15:135 tcp
US 71.172.231.16:135 tcp
US 71.172.231.17:135 tcp
US 71.172.231.18:135 tcp
US 71.172.231.19:135 tcp
US 71.172.231.20:135 tcp
US 71.172.231.21:135 tcp
US 71.172.231.22:135 tcp
US 71.172.231.23:135 tcp
US 71.172.231.24:135 tcp
US 71.172.231.25:135 tcp
US 71.172.231.26:135 tcp
US 71.172.231.27:135 tcp
US 71.172.231.28:135 tcp
TR 5.47.124.29:135 tcp
TR 5.47.124.30:135 tcp
TR 5.47.124.31:135 tcp
TR 5.47.124.32:135 tcp
TR 5.47.124.33:135 tcp
TR 5.47.124.34:135 tcp
TR 5.47.124.35:135 tcp
TR 5.47.124.36:135 tcp
TR 5.47.124.37:135 tcp
TR 5.47.124.38:135 tcp
TR 5.47.124.39:135 tcp
TR 5.47.124.40:135 tcp
TR 5.47.124.41:135 tcp
TR 5.47.124.42:135 tcp
TR 5.47.124.43:135 tcp
TR 5.47.124.44:135 tcp
TR 5.47.124.45:135 tcp
TR 5.47.124.46:135 tcp
TR 5.47.124.47:135 tcp
TR 5.47.124.48:135 tcp
US 3.13.191.225:19521 0.tcp.ngrok.io tcp
US 71.172.231.29:135 tcp
US 71.172.231.30:135 tcp
US 71.172.231.31:135 tcp
US 71.172.231.32:135 tcp
US 71.172.231.33:135 tcp
US 71.172.231.34:135 tcp
US 71.172.231.35:135 tcp
US 71.172.231.36:135 tcp
US 71.172.231.37:135 tcp
US 71.172.231.38:135 tcp
US 71.172.231.39:135 tcp
US 71.172.231.40:135 tcp
US 71.172.231.41:135 tcp
US 71.172.231.42:135 tcp
US 71.172.231.43:135 tcp
US 71.172.231.44:135 tcp
US 71.172.231.45:135 tcp
US 71.172.231.46:135 tcp
US 71.172.231.47:135 tcp
US 71.172.231.48:135 tcp
TR 5.47.124.49:135 tcp
TR 5.47.124.50:135 tcp
TR 5.47.124.51:135 tcp
TR 5.47.124.52:135 tcp
TR 5.47.124.53:135 tcp
TR 5.47.124.54:135 tcp
TR 5.47.124.55:135 tcp
TR 5.47.124.56:135 tcp
TR 5.47.124.57:135 tcp
TR 5.47.124.58:135 tcp
TR 5.47.124.59:135 tcp
TR 5.47.124.60:135 tcp
TR 5.47.124.61:135 tcp
TR 5.47.124.62:135 tcp
TR 5.47.124.63:135 tcp
TR 5.47.124.64:135 tcp
TR 5.47.124.65:135 tcp
TR 5.47.124.66:135 tcp
TR 5.47.124.67:135 tcp
TR 5.47.124.68:135 tcp
US 71.172.231.49:135 tcp
US 71.172.231.50:135 tcp
US 71.172.231.51:135 tcp
US 71.172.231.52:135 tcp
US 71.172.231.53:135 tcp
US 71.172.231.54:135 tcp
US 71.172.231.55:135 tcp
US 71.172.231.56:135 tcp
US 71.172.231.57:135 tcp
US 71.172.231.58:135 tcp
US 71.172.231.59:135 tcp
US 71.172.231.60:135 tcp
US 71.172.231.61:135 tcp
US 71.172.231.62:135 tcp
US 71.172.231.63:135 tcp
US 71.172.231.64:135 tcp
US 71.172.231.65:135 tcp
US 71.172.231.66:135 tcp
US 71.172.231.67:135 tcp
US 71.172.231.68:135 tcp
TR 5.47.124.69:135 tcp
TR 5.47.124.70:135 tcp
TR 5.47.124.71:135 tcp
TR 5.47.124.72:135 tcp
TR 5.47.124.73:135 tcp
TR 5.47.124.74:135 tcp
TR 5.47.124.75:135 tcp
TR 5.47.124.76:135 tcp
TR 5.47.124.77:135 tcp
TR 5.47.124.78:135 tcp
TR 5.47.124.79:135 tcp
TR 5.47.124.80:135 tcp
TR 5.47.124.81:135 tcp
TR 5.47.124.82:135 tcp
TR 5.47.124.83:135 tcp
TR 5.47.124.84:135 tcp
TR 5.47.124.85:135 tcp
TR 5.47.124.86:135 tcp
TR 5.47.124.87:135 tcp
TR 5.47.124.88:135 tcp
US 71.172.231.69:135 tcp
US 71.172.231.70:135 tcp
US 71.172.231.71:135 tcp
US 71.172.231.72:135 tcp
US 71.172.231.73:135 tcp
US 71.172.231.74:135 tcp
US 71.172.231.75:135 tcp
US 71.172.231.76:135 tcp
US 71.172.231.77:135 tcp
US 71.172.231.78:135 tcp
US 71.172.231.79:135 tcp
US 71.172.231.80:135 tcp
US 71.172.231.81:135 tcp
US 71.172.231.82:135 tcp
US 71.172.231.83:135 tcp
US 71.172.231.84:135 tcp
US 71.172.231.85:135 tcp
US 71.172.231.86:135 tcp
US 71.172.231.87:135 tcp
US 71.172.231.88:135 tcp
TR 5.47.124.89:135 tcp
TR 5.47.124.90:135 tcp
TR 5.47.124.91:135 tcp
TR 5.47.124.92:135 tcp
TR 5.47.124.93:135 tcp
TR 5.47.124.94:135 tcp
TR 5.47.124.95:135 tcp
TR 5.47.124.96:135 tcp
TR 5.47.124.97:135 tcp
TR 5.47.124.98:135 tcp
TR 5.47.124.99:135 tcp
TR 5.47.124.100:135 tcp
TR 5.47.124.101:135 tcp
TR 5.47.124.102:135 tcp
TR 5.47.124.103:135 tcp
TR 5.47.124.104:135 tcp
TR 5.47.124.105:135 tcp
TR 5.47.124.106:135 tcp
TR 5.47.124.107:135 tcp
TR 5.47.124.108:135 tcp
N/A 127.0.0.1:9050 tcp
US 71.172.231.89:135 tcp
US 71.172.231.90:135 tcp
US 71.172.231.91:135 tcp
US 71.172.231.92:135 tcp
US 71.172.231.93:135 tcp
US 71.172.231.94:135 tcp
US 71.172.231.95:135 tcp
US 71.172.231.96:135 tcp
US 71.172.231.97:135 tcp
US 71.172.231.98:135 tcp
US 71.172.231.99:135 tcp
US 71.172.231.100:135 tcp
US 71.172.231.101:135 tcp
US 71.172.231.102:135 tcp
US 71.172.231.103:135 tcp
US 71.172.231.104:135 tcp
US 71.172.231.105:135 tcp
US 71.172.231.106:135 tcp
US 71.172.231.107:135 tcp
US 71.172.231.108:135 tcp
TR 5.47.124.109:135 tcp
TR 5.47.124.110:135 tcp
TR 5.47.124.111:135 tcp
TR 5.47.124.112:135 tcp
TR 5.47.124.113:135 tcp
TR 5.47.124.114:135 tcp
TR 5.47.124.115:135 tcp
TR 5.47.124.116:135 tcp
TR 5.47.124.117:135 tcp
TR 5.47.124.118:135 tcp
TR 5.47.124.119:135 tcp
TR 5.47.124.120:135 tcp
TR 5.47.124.121:135 tcp
TR 5.47.124.122:135 tcp
TR 5.47.124.123:135 tcp
TR 5.47.124.124:135 tcp
TR 5.47.124.125:135 tcp
TR 5.47.124.126:135 tcp
TR 5.47.124.127:135 tcp
TR 5.47.124.128:135 tcp
US 71.172.231.109:135 tcp
US 71.172.231.110:135 tcp
US 71.172.231.111:135 tcp
US 71.172.231.112:135 tcp
US 71.172.231.113:135 tcp
US 71.172.231.114:135 tcp
US 71.172.231.115:135 tcp
US 71.172.231.116:135 tcp
US 71.172.231.117:135 tcp
US 71.172.231.118:135 tcp
US 71.172.231.119:135 tcp
US 71.172.231.120:135 tcp
US 71.172.231.121:135 tcp
US 71.172.231.122:135 tcp
US 71.172.231.123:135 tcp
US 71.172.231.124:135 tcp
US 71.172.231.125:135 tcp
US 71.172.231.126:135 tcp
US 71.172.231.127:135 tcp
US 71.172.231.128:135 tcp
TR 5.47.124.129:135 tcp
TR 5.47.124.130:135 tcp
TR 5.47.124.131:135 tcp
TR 5.47.124.132:135 tcp
TR 5.47.124.133:135 tcp
TR 5.47.124.134:135 tcp
TR 5.47.124.135:135 tcp
TR 5.47.124.136:135 tcp
TR 5.47.124.137:135 tcp
TR 5.47.124.138:135 tcp
TR 5.47.124.139:135 tcp
TR 5.47.124.140:135 tcp
TR 5.47.124.141:135 tcp
TR 5.47.124.142:135 tcp
TR 5.47.124.143:135 tcp
TR 5.47.124.144:135 tcp
TR 5.47.124.145:135 tcp
TR 5.47.124.146:135 tcp
TR 5.47.124.147:135 tcp
TR 5.47.124.148:135 tcp
US 71.172.231.129:135 tcp
US 71.172.231.130:135 tcp
US 71.172.231.131:135 tcp
US 71.172.231.132:135 tcp
US 71.172.231.133:135 tcp
US 71.172.231.134:135 tcp
US 71.172.231.135:135 tcp
US 71.172.231.136:135 tcp
US 71.172.231.137:135 tcp
US 71.172.231.138:135 tcp
US 71.172.231.139:135 tcp
US 71.172.231.140:135 tcp
US 71.172.231.141:135 tcp
US 71.172.231.142:135 tcp
US 71.172.231.143:135 tcp
US 71.172.231.144:135 tcp
US 71.172.231.145:135 tcp
US 71.172.231.146:135 tcp
US 71.172.231.147:135 tcp
US 71.172.231.148:135 tcp
TR 5.47.124.149:135 tcp
TR 5.47.124.150:135 tcp
TR 5.47.124.151:135 tcp
TR 5.47.124.152:135 tcp
TR 5.47.124.153:135 tcp
TR 5.47.124.154:135 tcp
TR 5.47.124.155:135 tcp
TR 5.47.124.156:135 tcp
TR 5.47.124.157:135 tcp
TR 5.47.124.158:135 tcp
TR 5.47.124.159:135 tcp
TR 5.47.124.160:135 tcp
TR 5.47.124.161:135 tcp
TR 5.47.124.162:135 tcp
TR 5.47.124.163:135 tcp
TR 5.47.124.164:135 tcp
TR 5.47.124.165:135 tcp
TR 5.47.124.166:135 tcp
TR 5.47.124.167:135 tcp
TR 5.47.124.168:135 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a15dea0d79ea8ba114ad8141d7d10563
SHA1 9b730b2d809d4adef7e8b68660a05ac95b5b8478
SHA256 0c4dd77399040b8c38d41b77137861002ef209c79b486f7bbdb57b5834cd8dbf
SHA512 810fc1fb12bceae4ca3fad2a277682c2c56f0af91a329048adbeb433715b1f707927274e3e4a4479222f578e8218663533440c71b22c49735a290f907cc0af1f

\??\pipe\LOCAL\crashpad_4016_NHTHGICSYZELMIAQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 506e03d65052f54028056da258af8ae6
SHA1 c960e67d09834d528e12e062302a97c26e317d0e
SHA256 b26d2695dfe8aed4d0d67d11b46d4542c3c9c8964533404dfe32ce7a3e6cfb98
SHA512 15da55267433c41febebbe48983023293c6d436f89a56138cef1cea7deb5cdd7d4bcf58af12835e1152a8ec59e08cfc965e521eb54eed47fe44e1f4c2d1557a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 10a509c28456995fe212acc47a54892e
SHA1 7a3eaa8d0088b017547ba25812d29030d7f9baf8
SHA256 a63bbbce42914f5c4c66b37fd2b895faf25d549f818fd1214ae1e9b88e27d7a3
SHA512 5f7de94381c6731d020c7ec6831d945295b4febdd0b671a79649c3af86ac6e28b4ce9e595fc7e2917c0e337dd4c12e13645320048b7d130a8e6cad5a3a5c35f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4769f9c48cef25119a1832fdb6e18a7c
SHA1 d2f5e9576e50990fcc68d10c6bc545b22eed4dad
SHA256 27abc87def51665ff325873b1a36c219328d32c70ac8e855a510ac0e6f44bd2f
SHA512 3d8816c5c2ed468a900a4cc3cadb3728ef5c2444f60dc908537010d4ed9f58ddcd24fd76401fcd53bead6421b83fc17668043cc4f9c8c0268ac403f15bc5cdf8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 17b3badd8eecfbc98ad2c152e1d87ca9
SHA1 eb5251fca1729201e1ec94d1255646ddd09b866e
SHA256 87187ddeef6579e79d35a739410f2dd53bfec23ec04f7da9c3f1281259bd3af2
SHA512 16a501910113cf8bf2fb1a40e548fcb6b5f1dbf79284b286972cea3daf284c8cfc1a250fcdb832e98d87dd7ddcd8ba4354e09c13cfd849b4a2186faa7d254806

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1538330f34d422aab2f87b6997836b0c
SHA1 8a3c8c7d42c6a875e84a81f81f8267be15d2c2ff
SHA256 0159ee86ee7cb820a18fe86a82c43114bd3cb0235cbe1c0318cb59d392dab022
SHA512 b1f0b98a61ad363f0167ea6094df52244a5e953efeb04cb422d2cbd27307d614713ea8deb68146098090df6beadb595a89c11a764dfe4a14940d37ab6efa88ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2785db358edfe12c2297165df27bfcb2
SHA1 6364e43c0ef7caa659c69aa2398d4df26a120c25
SHA256 96ad17cfb10d42ed556c465c7bbc73cd609744a98b93e043ccc08469ac79d6fc
SHA512 3d11e46a92c7fa7e6287bcff429d0653e3f400ccfd413b37d81db8eb69a649cf489bf7fd8d0cff23cb001b2da7b6c88bcbc232ab355fd4b364d028a579676e91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b55ec.TMP

MD5 1e1e1da3f3f167aba7cec9c8e1a031c8
SHA1 c5ce2cf7f7ed8401313c41de79b037abd40bf200
SHA256 4aa282386ecf6aa65e50ba22f8b56324cd00348e832aea9411309fe60309aea0
SHA512 3b3bdda49246f7990a1e531487ac2d9a72184ac48f2a4ad79253d27a5a5143a276774d2634fd21105879b86b1829db5eea3562b65e25a9d24afb750f87b6d744

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 01ec8e93728dbe6ec5f67cf2b61bc95f
SHA1 0eb956ddfccbc969f048cbd496d1c8b7470e84ea
SHA256 0de9b1654c748b6f15f3cc1510de672985266a3a637d1a2935f1c65b577463a4
SHA512 9053897b4e70cde9fc3ecc784619b0483548792f17d1b05de1529775c5dd5ba9924faa0ec31af79497684f36cda57c5c2f36882f4d8d462627dbc3b206549bfb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 46578d85d9150aee40cbcfaa21e12d55
SHA1 0c43c2846c013b9b66f8e6bdd05964b335bd8b9f
SHA256 c1e6b65b2a952e8b9cbbe977e3c4c75743fc4e7807ace97c203f96406c23911d
SHA512 9c007af44aa1a36babaf18d87a39e8b2b9282af4b9898c8d86bff7ae831fc7716977c59eb1243b69339021fb1e94c42cdf62a65d9619d10b4f244dd12cd035a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 2a8a0496c0022a0e67d77d3446340499
SHA1 ed76b29d574b4dbfa9e5dd3e21147148a310258e
SHA256 f348937ab6c6d9835af1f55e3f1d3c51197dc1c071630611ebc6d44834fc44e9
SHA512 d3767a8eafe019a15c2142d1160271ecc62f6e7d5623c0ae5fade269c8c9cf7de3b80678ed64bb9546bcf4d80fa66e11cacd19f2a7e295a6fec2a64ec8068c5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

MD5 1d9097f6fd8365c7ed19f621246587eb
SHA1 937676f80fd908adc63adb3deb7d0bf4b64ad30e
SHA256 a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf
SHA512 251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

MD5 74c0a9aceda2547c4b5554c0425b17ba
SHA1 d5d2355e5919dcf704192787f4b2fbb63b649b0f
SHA256 3b9e3adb939801b9ada1ce67afc7decef4538c016c78113697b89a35a295dd8d
SHA512 e178dce4a59cf184bcca3523e687092f4edc2a3c7af4eddf1ca1965ca06347eadf8901f851260264c14fa052331b2d1aeef2a6b9048b87758617285c9650b479

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5da7005b3113ea74c6a769bac624abc4
SHA1 fcd1ffc59f0091e03da373bd0bfd8a3ad77b83b2
SHA256 55d2f000fb62cd78877dcbe4d5ee28650b224980d80c719cc9ed2a43dbea97cc
SHA512 dfdb64f76035fd693ab1cdd83a71ce58799ea89900f75532b1620dd3cabb399ecafc5dae768cbbe5068820a39b28281115d27f1d300a3a48b2290efdd6d8cabf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 53b0eb0dd2d887115e3f336ba3d8c146
SHA1 027117960ced8e5a710143dbd69d09234bc2ffc2
SHA256 a60af278e3d34f9e09bb35789b82d3d4209ebe933973db19d0a55490400d6112
SHA512 6befe8785f46e57eaa78217c4f0a0c83b27c61b9cbd7d8bfa1f320426ff4836a1a8aa8c9b475daa1abca48223f6c174722c9b0895ed5ab7d76b363dfbfe8656b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7d2949538d2b228937f65ae152ac44ad
SHA1 0b9684bcffa3ae4803ac6d03125d7778b44866c7
SHA256 ad03c2a7c4f41b4874529f64b6743408a5151480cdd0b4e11e97f2d9d02ada0d
SHA512 d299045c29ad661d908bbfbfaac7dfe708d1ded218a679b18239bb3aff2c2e16c56f09a3e5891468fe67a247964b6c5fc74fc9f097651e565e4d79cd042d35ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

MD5 b07f576446fc2d6b9923828d656cadff
SHA1 35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103
SHA256 d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496
SHA512 7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

MD5 209af4da7e0c3b2a6471a968ba1fc992
SHA1 2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f
SHA256 ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403
SHA512 09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 025b79325947ff87baa4f16fb8ba3ebf
SHA1 db7f24e9ff1ad2d0f368c7204da1147bc2bd1474
SHA256 1c8fef70fb6302e0222026b636a7af7d66e1831db7acc5d5c57a207864b5c2fa
SHA512 1a7b2049ee00fe840a34155eebd4470375827b2590b7fe8e0be17837632288c9fdd7c6fd51f131b9462cdf8e9b605f0afe01f3945a2a0c27a389d927c03e67cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 16bccdefddb58d167fb254e48baffa0f
SHA1 452d38b9e1b542571b95a765af6a68031c875f04
SHA256 703a011d2a2fb62b029b0587dbe229ab32bef8b2c5f425db1e3ad3df6135952c
SHA512 357abaf574ed430ce78845e539f60729920d464ede9ed80c02e47f89b9e9e47654115163679c3df2dbd9330729eb779e8b23b2ab09b622ae6db085aaafc83c9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c8885739febaada234d1fd9014cc4a2c
SHA1 7728d5068728c50b7bfaa4a98b64f1b7bc0b9999
SHA256 e57bd8d795beff6e2ec223e191537b58d11eebad771ca9b9b9880f9348ea09d2
SHA512 3e7f29c0450571a0b9c72bfa441fb31c1b3134d788b17652e5c7c28e43fe44e8078b307620bae8a1b46e3b44dd5d75f8d21ec147e80c1a408b4b7b225a234a77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d65e36d657d4b0e430db2148c5bb85fb
SHA1 a1892e49a842f408c9a073dca1f827b46f466427
SHA256 bccb6eaa624625b83c90264b8df79d6759ba173c5613b747cd99933692680727
SHA512 6308fb2c29753504f2cbb09b306cf9d9b5c98a94842303fd7052079afe27df089e197f4c479d0856e699464b5f2aab978288e46ecf41fffb2eb7b3afcbec8b19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

MD5 1d9045870dbd31e2e399a4e8ecd9302f
SHA1 7857c1ebfd1b37756d106027ed03121d8e7887cf
SHA256 9b4826b8876ca2f1378b1dfe47b0c0d6e972bf9f0b3a36e299b26fbc86283885
SHA512 9419ed0a1c5e43f48a3534e36be9b2b03738e017c327e13586601381a8342c4c9b09aa9b89f80414d0d458284d2d17f48d27934a6b2d6d49450d045f49c10909

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5a0812f9c6b87066589a0a4e8a216698
SHA1 0fd38bb1e89cfd315e3b105898330249511c538a
SHA256 606669ab65c59e60ed543b1945b3f425a3105840717d4496d9d5edefb9833316
SHA512 a47d4b42b27426fc03ec250c44abf38a7a5cf1e431bfca77b4750ae0951c6d49bbd455f713fc77068bae1bc22d5a6fd4abbe8577d2cc8f97d9fa8770e360f69c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1b3aa2fc150d7b0cf68a6ed19f011eb9
SHA1 acf3ee119482e203ed7b644189b8bd36aba50bbe
SHA256 aea76f972a718d0a66acff2fc5bb68ddecaf58c86970dffd17f96c4649d37cb7
SHA512 3e348dfecc953162314b4f6e4aecda3d97609e4c1a27fd9dfb3f2ecd24a223465b40b1968c2301f958b1593ab71bfac313b2143da507c6103dee62a1eae1134f

memory/1124-1135-0x000000001BBF0000-0x000000001C0BE000-memory.dmp

memory/1124-1137-0x000000001B5D0000-0x000000001B676000-memory.dmp

memory/1124-1138-0x000000001C130000-0x000000001C192000-memory.dmp

memory/3864-1140-0x0000000000400000-0x0000000000420000-memory.dmp

memory/5052-1141-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\uRClgZblR.txt

MD5 502984a8e7a0925ac8f79ef407382140
SHA1 0e047aa443d2101eb33ac4742720cb528d9d9dba
SHA256 d25b36f2f4f5ec765a39b82f9084a9bde7eb53ac12a001e7f02df9397b83446c
SHA512 6c721b4ae08538c7ec29979da81bc433c59d6d781e0ce68174e2d0ca1abf4dbc1c353510ce65639697380ccd637b9315662d1f686fea634b7e52621590bfef17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 60a92b07f3f536a1a399ef60329cfc96
SHA1 9336e2d22ad001d78e81cae9a47a472bf4d4b38e
SHA256 8c98bf69ce69ab7ea4e24c4175886acbbea5aefe15ea773ea5fc4df3fc1f175b
SHA512 6005b746bde61b672109e0da87064d99f1aec73cbb2e9a7cc0a1e20215d0744fd5b0fd99d4c88724a74a121ba1cd10425494f45d7d62f667711c1ef6b737d454

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b48e9cf64b538cb5ad8cf5fb7da835d0
SHA1 2896ea0f6e1e6e7fbe122b2489daf52d2969fd5d
SHA256 e0a5b8dc2987c1baa58740bedbbdd00b8eb26572e3a96a37997e080733367761
SHA512 0a3efa20c92cb500daaca9047b4980ec27b64e2e9541481e4c9fe61a4ae0e226261004ff7a372b1ee301b898eca5646bac86671a82a40b7269b73d7c6315665d

C:\Users\Admin\Downloads\Unconfirmed 89688.crdownload

MD5 70f549ae7fafc425a4c5447293f04fdb
SHA1 af4b0ed0e0212aced62d40b24ad6861dbfd67b61
SHA256 96425ae53a5517b9f47e30f6b41fdc883831039e1faba02fe28b2d5f3efcdc29
SHA512 3f83e9e6d5bc080fb5c797617078aff9bc66efcd2ffac091a97255911c64995a2d83b5e93296f7a57ff3713d92952b30a06fc38cd574c5fe58f008593040b7f0

C:\Users\Admin\AppData\Local\Temp\zipw1abo.cmdline

MD5 1b70f2300732563c194ffb9394b39574
SHA1 b5d221629e773d993e1fa2eca8508b2f777f54aa
SHA256 c82fff507994c663b060fa3c51164685cf732dd277c7c7853c6606e11c84ce59
SHA512 ee6b081ccfab01368c42cdaa2ed74b95fbd3b47e9305f02f7e239112171280140d62b7b394cfb55e7f69984cf52ccae1d0441086e27f9bd8f4062c9de24e15a3

C:\Users\Admin\AppData\Local\Temp\zipw1abo.0.vb

MD5 e4a08a8771d09ebc9b6f8c2579f79e49
SHA1 e9fcba487e1a511f4a3650ab5581911b5e88395d
SHA256 ef4c31d167a9ab650ace2442feeec1bf247e7c9813b86fbea973d2642fac1fb6
SHA512 48135e0de7b1a95d254ae351ccac0cb39c0d9a46c294507e4bf2b582c780c1b537487161396dd69584c23455950f88512e9931dbff4287c1072938e812a34dd1

C:\ProgramData\svchost\vcredist2010_x64.log-MSI_vc_red.msi.ico

MD5 fde1b01ca49aa70922404cdfcf32a643
SHA1 b0a2002c39a37a0ccaf219d42f1075471fd8b481
SHA256 741fe085e34db44b7c8ae83288697fab1359b028411c45dab2a3ca8b9ea548a5
SHA512 b6b4af427069602e929c1a6ce9d88c4634f0927b7292efb4070d15fb40ce39fc5ce868452dcd5642b2864730502de7a4c33679c936beb1a86c26a753d3f4dc25

C:\Users\Admin\AppData\Local\Temp\vbc8CAACB8FE1984209A5B4AB13BE6FC6A.TMP

MD5 249d49f34404bfbe7ed958880be39f61
SHA1 51ec83fb9190df984bf73f2c5cd1edc0edf1882a
SHA256 fcb5a4d24f24fbeaf4dc9d8e29f2701b2bb71411acb13c4fa67fe7025892912b
SHA512 082f47f59b9184dd6c88f64214e10b82656a09c5a5cf3f0eccbf7935505db473eeb9a395cb5b59ec5009e731f2aa1891670c94ff6315a0b2d4fcc0392cff0e98

C:\Users\Admin\AppData\Local\Temp\RESFA07.tmp

MD5 fd1c217999ad59d40f62126b9cbcf526
SHA1 aca3f9b8a0c21543519fe263120bcac8aaaa2ce9
SHA256 2494c8ec5254c06760c1a36f06ac63359e476c54b74f42affe44449a8cc6c44b
SHA512 b134bd72a08fa6a3f48ab7f6431c9a305c8e11641604cd4205be969d80d67e03159c2274e3539ccf8dab98bf1c994cb2acf903f1757304631e6c72fe0781d6e2

C:\Users\Admin\AppData\Local\Temp\ioqf4x0k.cmdline

MD5 19aba1457098a429435d96ca3e8b94dc
SHA1 cbac4c98ba641768e786d5a75d20bb0554410d66
SHA256 645d73398e4813bc5775e43800fbcf405956802541da734566dd1462704f5064
SHA512 aada2fa4fa6cdf2549b4f26907860e3d20fc28529da1c4ae3f45dadf11370661f73e9bf4a508d9ef934c9f3a5b8de1ae80164af262ba92c556517e1a62bd47cd

C:\Users\Admin\AppData\Local\Temp\ioqf4x0k.0.vb

MD5 acd609faf5d65b35619397dc8a3bc721
SHA1 ba681e91613d275de4b51317a83e19de2dbf1399
SHA256 4cfd86d51d0133dda53ba74f67ffe1833b4c0e9aae57afe2405f181fc602f518
SHA512 400ffd60ce7201d65e685734cea47a96abca58ca2babda8654b1d25f82d2766ca862a34f46c827249a4dc191d48f56005a9f242765d7becdda1344b8741a9d8c

C:\ProgramData\svchost\vcredist2010_x64.log.ico

MD5 bb4ff6746434c51de221387a31a00910
SHA1 43e764b72dc8de4f65d8cf15164fc7868aa76998
SHA256 546c4eeccca3320558d30eac5dc3d4726846bdc54af33aa63ac8f3e6fc128506
SHA512 1e4c405eca8d1b02147271095545434697d3d672310b4ea2ecca8715eaa9689be3f25c3d4898e7a4b42c413f258eda729a70f5ad8bc314a742082b5a6a8e9ff1

C:\Users\Admin\AppData\Local\Temp\vbcCFB7D68EBD324713A3816F68378EFD6F.TMP

MD5 abeaa4a5b438ffa58d07d9459e5c1d6c
SHA1 69631de7891162dd4840112a251f6531feae7509
SHA256 ce174412cb2889bbf162b7ebe4476da5a9c928ba5b13111d338753ccc4c0f5fd
SHA512 c9cae8bcc14661e993d97a3c7b658310a8b9c19044817589f92eab66f1bcfcecb3468b0de8b45cd68e218c23cd9c60aeef1d391af36ec03afab5c8b86d7937d4

C:\Users\Admin\AppData\Local\Temp\RESFAC3.tmp

MD5 7cf3bf0ae67b740bb79b01f4c793d3c1
SHA1 9b42c7d49cd484fc4517311dd3dd62305effed26
SHA256 97712384b49f535c256ce94bb0d2f63e8d6c31d8e1fbfa667e2ca4cfe87c1faf
SHA512 68d4a0e2e4df790cd328f43902046b3d653046e601bae15f6450f5752df4e20bac4fee8661e0206d2178b9cc61d90828d0f14b6260b92b057a709586c84bd54d

C:\Users\Admin\AppData\Local\Temp\e9em0fiw.cmdline

MD5 296108d2869e1a13ec7fad333479fa8e
SHA1 561092d2d5855f37774b5d8341ec8a2bae4b8817
SHA256 dcf72b4b84deaa720101b1fc81fb7ec3a48b200fcb2cfd55a21c01985dd64e4c
SHA512 2299dd086a3f443d4ec2c7220ca5d0956ed06a4adc7832ebadc3febd60f8d3ba224eba62b5991e9ad1d1ea5abbcb3aff0cc7d97549059e420d8d62fc86b18899

C:\Users\Admin\AppData\Local\Temp\e9em0fiw.0.vb

MD5 83f6067bca9ba771f1e1b22f3ad09be3
SHA1 f9144948829a08e507b26084b1d1b83acef1baca
SHA256 098cd6d0243a78a14ce3b52628b309b3a6ac6176e185baf6173e8083182d2231
SHA512 b93883c7018fdd015b2ef2e0f4f15184f2954c522fd818e4d8680c06063e018c6c2c7ae9d738b462268b0a4a0fe3e8418db49942105534361429aa431fb9db19

C:\Users\Admin\AppData\Local\Temp\vbc4B5FE0CD4834A4AA2B8AC25E27AD6D.TMP

MD5 d01de1982af437cbba3924f404c7b440
SHA1 ccbd4d8726966ec77be4dbe1271f7445d4f9b0ce
SHA256 518d9922618db6eea409cee46b85252f0d060b45c2f896cb82eeca22eb715598
SHA512 a219cd3df17bcf16cb57bdeea804e206a60be50084e2cb99d6d5e77d88957d79535d110b34735a4b549d3fcae528cdff8bfa5286582028ef22e8b4d60e146878

C:\Users\Admin\AppData\Local\Temp\RESFB4F.tmp

MD5 f05c04acd171db2084c096be31d3bdf1
SHA1 fa2d4b6db75936e58590ca82d5b74c79dbd8499a
SHA256 2d5074ec7dd35e7ce0c382cbfac50d086fc3cf8932e2bbb8403ec566d9f26211
SHA512 2d1c1632f68a053b8c7c1cfd50585f98dba87aab1b2fed8968c0d66ef867ef3784cebafbd69d8980f9da3f121d314c5fe2891c9540b036c6ed1a1a63605a9354

C:\Users\Admin\AppData\Local\Temp\5lgx21s2.cmdline

MD5 d48df0ce0e715e8ebf2eab2fc27f7b28
SHA1 85c5d4ea4c28373b6f92732542f2041602fb1211
SHA256 d5e6ce8df29e40b7ea1a0040050c5c91b641e2ba8418eeef11e99c07d8845946
SHA512 bc0a7f1332f10a79c9ecd7a7b7bf16e47163c3cb08dcf658074283b030c8a57c8a1a56013829c3d1a6f7c53a82f9178a9250cf97f6c83907f105371542a2b944

C:\Users\Admin\AppData\Local\Temp\5lgx21s2.0.vb

MD5 6e4e3d5b787235312c1ab5e76bb0ac1d
SHA1 8e2a217780d163865e3c02c7e52c10884d54acb6
SHA256 aec61d3fe3554246ea43bd9b993617dd6013ad0d1bc93d52ac0a77410996e706
SHA512 b2b69516073f374a6554483f5688dcdb5c95888374fb628f11a42902b15794f5fa792cf4794eae3109f79a7454b41b9be78296c034dd881c26437f081b4eaea8

C:\Users\Admin\AppData\Local\Temp\vbc577095179CB4E3F89238E21B43426E1.TMP

MD5 d56475192804e49bf9410d1a5cbd6c69
SHA1 215ecb60dc9a38d5307acb8641fa0adc52fea96c
SHA256 235e01afd8b5ad0f05911689146c2a0def9b73082998ac02fd8459682f409eee
SHA512 03338d75dd54d3920627bd4cb842c8c3fefad3c8130e1eeb0fa73b6c31b536b3d917e84578828219b4ffd2e93e1775c163b69d74708e4a8894dd437db5e22e51

C:\Users\Admin\AppData\Local\Temp\RESFBDC.tmp

MD5 c4c16dda146238bc0d6c82b60b2fb9e5
SHA1 1eb112507fb0b4eefc0d7b5410024468519823a2
SHA256 7385c9c7f5cd39f2f627894d68cb6cd0a4d2e1af4bc0158aafcb0d7fce6dc40a
SHA512 70249459ffb5ad911ccb86f7af5c486a5d7e533d1311a3698ae59bef8b5ddf7a9a6830693544748b8b22b5853d6652d403d475d16bd2ed41ed0644880157260b

C:\Users\Admin\AppData\Local\Temp\kfzd4tp6.cmdline

MD5 ceb9d4ac2fe1cc5cc07d803791698d10
SHA1 301d8a3ee6db4382fb416635eeac05300ac8f5ca
SHA256 08d053a4fa688009936b32e1b05a81722ade45afd295ef21b72182fc49f123df
SHA512 9343aab62b52a8144cb745293ad2e396e47cd359a544d7b99fe5101c874dcaa149ccefe09b114cf4a0362bfbe0485f6ede427bc0b80e785fdd3acf601d73770b

C:\Users\Admin\AppData\Local\Temp\kfzd4tp6.0.vb

MD5 197e7c770644a06b96c5d42ef659a965
SHA1 d02ffdfa2e12beff7c2c135a205bbe8164f8f4bc
SHA256 786a6fe1496a869b84e9d314cd9ca00d68a1b6b217553eff1e94c93aa6bc3552
SHA512 7848cdc1d0ec0ca3ec35e341954c5ca1a01e32e92f800409e894fd2141a9304a963ada6a1095a27cc8d05417cd9c9f8c97aed3e97b64819db5dd35898acac3b7

C:\Users\Admin\AppData\Local\Temp\vbc471EC9589E9041DA938235B8C96A291.TMP

MD5 2f97904377030e246bb29672a31d9284
SHA1 b6d7146677a932a0bd1f666c7a1f98f5483ce1f9
SHA256 7e033003d0713f544de1f18b88b1f5a7a284a13083eb89e7ce1fe817c9bb159f
SHA512 ddf2c3a3ec60bed63e9f70a4a5969b1647b1061c6ff59d3b863771c8185904d3937d1f8227f0e87572329060300096a481d61e8dc3207df6fe0568da37289f54

C:\Users\Admin\AppData\Local\Temp\RESFC59.tmp

MD5 8dec1ce846875d72c6d47731f03ea0af
SHA1 4765bee4bb1296bd8c7aba3f88dd0255adab70c7
SHA256 c8a04e42010efbf6020c16215b71c8a288885fdb90fd64faa0ec9d5922dd5418
SHA512 e8b280136070bc21edb386d19913c40f20fa28a7412eb169436cb18595db4c080ac9593a55c3d9decfe856b4d7d3bb9536177cc6d4a84f05cd397fa6435b945d

C:\Users\Admin\AppData\Local\Temp\cpwaqokg.cmdline

MD5 907de00fb871e2972deddf70d4f3e5e9
SHA1 7c1dacc4415a4b69b3901ba1caf5ef8feed179f4
SHA256 37b94e1767a8634dd472678da93873a941830312cd00763dbeb3241775fcbb64
SHA512 37f04ba523638752beca0dd39319fb2b15c21c8d5eee7e6a7e7c9c333fc1c1ab1c2e765076bb529fdab2781632b5d1df74aaa312af2ee19e9db3cdbce3bf7130

C:\Users\Admin\AppData\Local\Temp\cpwaqokg.0.vb

MD5 7a8e43324d0d14c80d818be37719450f
SHA1 d138761c6b166675a769e5ebfec973435a58b0f4
SHA256 733f757dc634e79bdc948df6eff73581f4f69dd38a8f9fafae1a628180bf8909
SHA512 7a84dbe0f6eebdc77fd14dd514ed83fb9f4b9a53b2db57d6d07c5ff45c421eac15fdc5e71c3bc9b5b5b7c39341d8e3157a481d9dacefe9faff092478a0cea715

C:\Users\Admin\AppData\Local\Temp\vbc82544E8F6EEE4DFCA8EA41323ED37DC.TMP

MD5 5fb831248c686023c8b35fa6aa5f199c
SHA1 39760507c72d11c33351b306e40decaad7eb2757
SHA256 d062acbeea69acb031b014cff19bed988cf9df34c230ee23d494457461b41908
SHA512 2244f84bff19e1f43a245569d03712ab62a9655bc6f3eb4ae78ca3472ddfc6ad7950dc76d10cdc1c7b2235a9045582554c200e93c3cd34c18e494ed60dd3b3ea

C:\Users\Admin\AppData\Local\Temp\RESFD05.tmp

MD5 3f3854927ada121a84f38f0dfe63f0a6
SHA1 ca06b7905e470791e9bf7bb6a9cfce5534a88302
SHA256 65957891e6f37785e2b6c33e66469e7a4119b96adc2183b7062ae065b0551107
SHA512 e7dd70a7e4d41d9aef38e37c33adabac54e8fdef8b99c68f4b334399d3cfad47b6d10729493fb293aacadadd46dc04f146003fce7327e0bc6f86a3951dc18bab

C:\Users\Admin\AppData\Local\Temp\05z0t5y3.cmdline

MD5 745611612de6b63ac95f0b91e7aba81f
SHA1 227d50da47e1144570f857467a436aaadf9bca4b
SHA256 3b60436aad2957e385a2bcced7768053088ee16c29562d6e155259633d5cac81
SHA512 02b5b08f8cc36ac0fe7e58c2d1833d7d8c50372d5e88b72016678f1fe3465d39f5d2e885ce85788d8bc8984ceb1023512213381475fcfb5026bd43bb62a6f6b6

C:\Users\Admin\AppData\Local\Temp\05z0t5y3.0.vb

MD5 7d0d85a69a8fba72e1185ca194515983
SHA1 8bd465fb970b785aa87d7edfa11dbff92c1b4af6
SHA256 9f78b435099106c2c3486c5db352f7d126b3532c1b4e8fe34ef8931c7b8968d5
SHA512 e5ef339dc329dbba2ab06678a9e504aa594d2f21ade45e49bccd83a44a76dc657f5f44dcf368f4d112bb3b01af2e577a487c6078751943770e90780fad202989

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 17a647909a0ded6abb13b8061ef8019a
SHA1 d00aca5b756b49a15f793b25a4738c793031145d
SHA256 21326d9c71e0db8eb566a0b04e0aca0fab658b0be5decb5d425b17363e1034bd
SHA512 13c32eef8fdbf306c0779fa8658c530bf7f8f201369900b5ec09fbd6f859dbfa09f9294b2fd1fd4f4516963681ec1ba7637d7e95a5becabe9607d800965c20ea

F:\svchost\svchost.exe:SmartScreen

MD5 4047530ecbc0170039e76fe1657bdb01
SHA1 32db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA256 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA512 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dd64bc490428170133299f0fa5387101
SHA1 a5923c05c661b54786d8cf17918c8302946f39a8
SHA256 8ba6a3c27b80158d9978345b058eeab6f2c83e52eb87e29bfb98785bdfc77926
SHA512 983f19efd3269a5000bdc93aba55f5b59be919081eb3b6be4f65bfbe1c9b68e0450990fcc1c7fb8b415529a5aec885f350eb3ef916b4c19ec980d8ac5f03875a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4b71f50afee385d714d11ac82cc52bec
SHA1 8ff381189031a52e93176fd13c179c9c8cf1e6f4
SHA256 223be836e1405d66ee2aa07351655037b1a8d9e82808ad494c98677b6266687e
SHA512 ba3c8450d5cbcdf50f1067cf73468473bb9a1c71467a21d003de312cbf06456ef7dd45ff38ba7bff7db9b4b4f65db8bfe4951383c4cb73e349aa949c510a25a9

C:\Users\Admin\AppData\Local\Temp\vbcA337FD03A05D421688F422743463513.TMP

MD5 3906bddee0286f09007add3cffcaa5d5
SHA1 0e7ec4da19db060ab3c90b19070d39699561aae2
SHA256 0deb26dcfb2f74e666344c39bd16544fcaae1a950be704b1fd4e146e77b12c00
SHA512 0a73de0e70211323d9a8469ec60042a6892426e30ad798a39864ba123c1905d6e22cb8458a446e2f45ec19cf0233fa18d90e5f87ec987b657a35e35a49fea3b0

C:\Users\Admin\AppData\Local\Temp\vbcB962F834D0CC46ADBD3810B3527E210.TMP

MD5 85c61c03055878407f9433e0cc278eb7
SHA1 15a60f1519aefb81cb63c5993400dd7d31b1202f
SHA256 f0c9936a6fa84969548f9ffb4185b7380ceef7e8b17a3e7520e4acd1e369234b
SHA512 7099b06ac453208b8d7692882a76baceec3749d5e19abc1287783691a10c739210f6bdc3ee60592de8402ca0b9a864eb6613f77914b76aec1fc35157d0741756

C:\Users\Admin\AppData\Local\Temp\vbcE3012802D13D496E85394AA4C824461.TMP

MD5 dac60af34e6b37e2ce48ac2551aee4e7
SHA1 968c21d77c1f80b3e962d928c35893dbc8f12c09
SHA256 2edc4ef99552bd0fbc52d0792de6aaa85527621f5c56d0340d9a2963cbc9eed6
SHA512 1f1badd87be7c366221eaa184ae9b9ae0593a793f37e3c1ce2d4669c83f06de470053550890ad6781b323b201a8b9d45a5e2df5b88e01c460df45278e1228084

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f43573d941665b241778ce9db4e51ce8
SHA1 51fd61bfe3a9bc3f471232467407388650c68f44
SHA256 b62fb47ee516acc5eee71c5b671be34fb0045a2aa13ecb9fbada0747d97710ef
SHA512 61c031cb9f3782dbdce248d50f8dc01d9e977a03f34c3553bc0b680ee6c267ce2c35bd7275e8ed16a1b99563c7e645ddeef136bf05b7211f68006985b5972831

C:\Users\Admin\Downloads\Happy99.exe

MD5 02dd0eaa9649a11e55fa5467fa4b8ef8
SHA1 a4a945192cb730634168f79b6e4cd298dbe3d168
SHA256 4ebe3e1af5e147c580ecce052fe7d7d0219d5e5a2f5e6d8a7f7291735923db18
SHA512 3bf69de674737ca15d6ff7ce73396194f3631dc4b8d32cc570adeeacdc210acee50fd64c97172ce7cc77f166c681d2ccd55955b3aca9188813b7ff6f49280441

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e1b6ad096f7ca824b235d65db6cffc91
SHA1 a0399a8087aaa5850f23ac3dd02bfca432a2930d
SHA256 ba1462fbdfa52b198e6359e29a490606498e71dd48eb1da2607413515e92dd8b
SHA512 be84e0bf569eca4ffeb25a377f39767dce7fcf0c53fa16fc2985e28a18c69393e40b0a0c28e87a1609015c3211c5b2d6243fc3be10bd38bb36ac8eb6bf1edc7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 182e6eabada321b305a3f4deddb15878
SHA1 6ba29bc68aad54adb1897004fc154e8749fe7630
SHA256 7b7f208275c6f325bc6d6565142028ca51d5c56e0b6d636b1fc17a402954caae
SHA512 888e7a945682de59ee648c0b743b34025a83d9c1ab5e5f11807097719cf592fe5ef77c6dbabe30a5bc5ffe763cf88e7261aee29067567ff29d68505345b21487

C:\Users\Admin\Downloads\Unconfirmed 132963.crdownload

MD5 da9dba70de70dc43d6535f2975cec68d
SHA1 f8deb4673dff2a825932d24451cc0a385328b7a4
SHA256 29ceeb3d763d307a0dd7068fa1b2009f2b0d85ca6d2aa5867b12c595ba96762a
SHA512 48bbacb953f0ffbe498767593599285ea27205a21f6ec810437952b0e8d4007a71693d34c8fc803950a5454738bea3b0bafa9ff08cd752bf57e14fedf4efb518

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e80b5b41fe794fbd8c944c0474822388
SHA1 c6b7ee1b458a9e3439ec6b9e5af28e2a5db16b06
SHA256 5f54c4911fade355913a0a07443648bc474a122b51128c9227a8c0bb2011bdc3
SHA512 71c415ce705041c8871e527d6f56174350934eeac2cb7e808a6fb2aace78ffd7d5f63baebdd600378875e3aabf5f01dedf119985c38eff72941b7a13b688e7ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2d99eced26370144c7801cf2b070cc3f
SHA1 2d41bc7a9f37d548e1a8e29a560ef5a04c39c81b
SHA256 022ac01696510ce585d16340185d821a9a421f27f4cefa90ac0242402539ade3
SHA512 9a5b1724ca4f2a5027b183e48dbf2ae58d1a2d9e7a0c42d678c3f53fa341e05a83cb09dcaf25f862297d0d986c185fe805cbef3abb28711577001f2dec26bcd6

C:\Users\Admin\Downloads\Unconfirmed 688646.crdownload

MD5 0e10993050e5ed199e90f7372259e44b
SHA1 2e7a515c81926ef8a3e1e533c2f58f57fdbfade7
SHA256 8f533a5adb18c8e02779636e9d7dbb4a6cf13e4f60ee435b9afc3504b308d68a
SHA512 d98b5c7a2d307451866a11bae8b3c7524d968c03e40bf1daa5110b8650c9edbf6b64cfed1052574ebd723e73b4c614358b3bc6442d1a21134c157971989f4d1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 98ef8dfb1db2c6e1898b8ea9bdbb2e6f
SHA1 8e2fa2e39490ff99ee2c3626a6703ef8db5104e3
SHA256 d67122e6ea384e627fb8cac0855e2237fc69ddad3c5d2646fb4ce5d2fd6c353c
SHA512 d8fd5a436bb04ff3e3ad3e59f29d4eac1ba2753cf8bba45e7976a074261983d7253041ee6500dd3f682ff28efa2357c4ceaf9dce4cbdba3bf9c5da78bf130477

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e5c223491d5763401be2c39f6c6d1c4c
SHA1 42127e888551edba98d3344b6aba2ece6e308234
SHA256 0813b83eb30cbd9e9cb4ec07b4583f3a90f336262e67dd427ddad8378bd4c7d6
SHA512 3ad18b4cadf44d1735f21d31b4f5e3eb7c7cd7833d387ba34a9d6739085809f6c92c2442894cb6ea30a7be6b7d07f7bc9083137e7e84e2d7a84cd691ba5ffe09

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 837db94a6463adc3ac07cdd4a4f3b3ac
SHA1 4f8231fb72f092f906f5100208611d0337e70fee
SHA256 7ab8b72e81323de26df27bf403945248047eeec470341db939a7c2796f65e03d
SHA512 d4b037f300b3e630195f73481b690d7bf697a102741152bfd30e3d1821b6c8af43eb0b38f8e82f1bacb4257cd74957c2b04b50bbc449e6e0e22e2c8e08a21dc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c6d3f7f52372c4ecd0282b790d28eeb8
SHA1 31e638b2da9a7f57244a3a035ab7305cb0b9da6d
SHA256 3ad044cf6d8a2f5a7f7973473c12a661b226916699812d6863da0fa1b3d1b28e
SHA512 cc240f462eba17370d2077fb9c01d0596f464a50b61834e36117c25025923d697b6ee8f33aeb048b294390a3362b9b2923de2526ea8a8e07d14a6be182fdc431

memory/4680-1899-0x0000000000400000-0x0000000000438000-memory.dmp

memory/4680-1913-0x0000000000400000-0x0000000000438000-memory.dmp

C:\Users\Admin\Downloads\Unconfirmed 754449.crdownload

MD5 6f5767ec5a9cc6f7d195dde3c3939120
SHA1 4605a2d0aae8fa5ec0b72973bea928762cc6d002
SHA256 59fe169797953f2046b283235fe80158ebf02ba586eabfea306402fba8473dae
SHA512 c0fbba6ecaef82d04157c5fcf458817bf11ce29cdaf3af6cac56724efcf4305565c6e665cdcf2106c675ba0574c60606be81d9baafe804fc7d2d3a50fed0baf6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 486de52b2391ad5179f384797e4db5d2
SHA1 03451a98465f1698f4b6b40a05efa45b8055d9b1
SHA256 e19ed5771a091798ab1c4c9c27fe708de3d7418c86ce60f196b1420debb17b1a
SHA512 08897e809ac212061e6640e8e0ee39c07bea081573c7ed21f3babe591df2240bdda325814cfbd2ee1dd9c3b921f4d75a091bc4c4358483c4fdd2547d71818614

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 252a4f2bc2e3ac0726148519e5d10b16
SHA1 79bfe73e99db0a12d0beadcaf2e30c84474eef5b
SHA256 a9d735276c73c3605ec4c63a2ebd7622540c1aff0f2478e49b2366b7f8cf47c0
SHA512 b59ae9a73313d77e910d72c92cf47093290cc224a82d9f6475cc16ee671507dcd80f39702a94d2d77abdd169602fc31fdd8510b71f30655b098de97d6cafc351

memory/4680-1959-0x0000000000400000-0x0000000000438000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e531f266-abea-4638-84e4-96786cdc776e.tmp

MD5 9dc72cd5d7f70b1cedf9c9229b733af6
SHA1 9807f100db6c3e294d39cac2db7cab117c413a1f
SHA256 be08faea6e3e4f1657946d99e469bb5deb881c08084794e0b277217fbafaef61
SHA512 7984bb247a44abaf4b0462d07faec7ca968eafbb1c27a955b8ee9bff43ddbf99670b16214fa1f8c70328bb4c981348d654dca8ffe4c668ede85b611f71034bf1

C:\Users\Admin\Downloads\Unconfirmed 172535.crdownload

MD5 c52f20a854efb013a0a1248fd84aaa95
SHA1 8a2cfe220eebde096c17266f1ba597a1065211ab
SHA256 cf8533849ee5e82023ad7adbdbd6543cb6db596c53048b1a0c00b3643a72db30
SHA512 07b057d4830d3e2d17c7400d56f969c614a8bae4ba1a13603bb53decd1890ddcfbaad452c59cc88e474e2fd3abd62031bf399c2d7cf6dc69405dc8afcea55b9a

memory/4680-2002-0x0000000000400000-0x0000000000438000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ae071671019add96d4325ba295928d22
SHA1 a7f63f9cd0581361a4f604a8169817fe9b630fb8
SHA256 6bf12029b4732833dc83be247b74fce36ae5a036946322bc7ebc06cc8651e27f
SHA512 18ef2c21e1e76c1ea68256cf27d23759a3159b65fba2c7bbd8d74591ff7798edbe58cf3dfa997f73c096655cf30b68d6db172c24a89c1bbf5f551c0af7e999c4

memory/2556-2012-0x000000001BC10000-0x000000001C03E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 176aa2d1941b5728981c2881b7052d71
SHA1 6ae382ddd8c46017e67b9b5ce0795053806b67d1
SHA256 e58628f64f32af79ec8679f5a64f168a7333c22b49b11fcfa94370fd786832ce
SHA512 c0305547833af5fccab05781c85c542ce24601db20b5c48d7b58c3a7b0754ff323c64ab427083d23be25232dcefca8fc7ac8cd24a582041ab2823aa2dc46e1f0

memory/2556-2099-0x000000001DA60000-0x000000001DF6E000-memory.dmp

memory/2556-2100-0x000000001E010000-0x000000001E0AC000-memory.dmp

memory/2556-2101-0x0000000001650000-0x0000000001658000-memory.dmp

memory/4680-2111-0x0000000000400000-0x0000000000438000-memory.dmp

memory/4680-2120-0x0000000000400000-0x0000000000438000-memory.dmp

C:\Users\Admin\Downloads\metrofax.doc

MD5 28e855032f83adbd2d8499af6d2d0e22
SHA1 6b590325e2e465d9762fa5d1877846667268558a
SHA256 b13b29772c29ccb412d6ab360ff38525836fcf0f65be637a7945a83a446dfd5e
SHA512 e401cbd41e044ff7d557f57960d50fb821244eaa97ce1218191d58e0935f6c069e6a0ff4788ed91ead279f36ba4eddfaa08dc3de01082c41dc9c2fc3c4b0ae34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 db96d555d48d5e42ff4361519ab580a1
SHA1 602db3847d347d8f571f64bf1b62a202acae448d
SHA256 a764c408e170008cae65fd47a2ba6891fcb31d1ff7217a4b1cd89fa992e08519
SHA512 fbf55ecdd12ea7387125035eb4e22eba762f67251ccc7e01bff57536650cd89b4f38ecc671713b777546fc7caaa5e82e2d4125553299d4bbd93e0efb9bafe0e9

memory/4680-2147-0x0000000000400000-0x0000000000438000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 52b321603415466462ff53f7f08f1cd3
SHA1 6778f63d19fe3796b23d71644ab8f8a3a0e7c27b
SHA256 3715e6677fe848fe50e967757e3ea19b1a12e30266572a30ffb661eeb299e737
SHA512 a199425f60288baea1502a57130a04bca76c108fb35de16a88fea34af8e453db0b8980788cabbd2436df20c9d62d43817efd7cacb2c0eb154b8ee076de56da25

memory/4680-2180-0x0000000000400000-0x0000000000438000-memory.dmp

C:\Users\Admin\Downloads\Blaster.A.exe

MD5 5ae700c1dffb00cef492844a4db6cd69
SHA1 bed8e439f28a1a0d3876366cbd76a43cdccf60fa
SHA256 258f82166d20c68497a66d82349fc81899fde8fe8c1cc66e59f739a9ea2c95a9
SHA512 2cc1ec68df94edc561dd08c4e3e498f925907955b6e54a877b8bc1fb0dd48a6276f41e44756ed286404f6a54f55edb03f8765b21e88a32fd4ca1eb0c6b422980

C:\Users\Admin\Downloads\Blaster.E.exe

MD5 8676210e6246948201aa014db471de90
SHA1 86b30d1a8b7515dcab6c8d2781b85c6983709dbf
SHA256 2e481059b9bc9686c676d69a80202eed5022c9a53ecd8cac215e70c601dd7fdc
SHA512 5130e6ea6c5e1924af7d630a7b1c6e614b1482edcad3117a8dc56371269260b97793a7ccdbf3249054815b7c3b9c364b30e73e0f8e4cc230502b01d0d2f70bda

memory/3512-2193-0x0000000000400000-0x0000000000409000-memory.dmp

memory/5044-2200-0x0000000000400000-0x0000000000409000-memory.dmp

memory/3864-2204-0x0000000000400000-0x0000000000409000-memory.dmp

memory/4680-2203-0x0000000000400000-0x0000000000438000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9fb96f3373361ce61e70590a4402f699
SHA1 55c6f9f0b561d9eaf1229b314a6a063135cee80b
SHA256 6cc58e7c0b5c87d11d01e6d01b6d92eb095f3c7cf051ed320f0e9b9aac9bfc2a
SHA512 1e65f759f6f0215d252101f19bce987dff07f9d20e493d57081e835ce44be1c090167ab760196576285452be0f176cfa0af5cc82bc855870bc4619a9690acfbe

memory/4980-2225-0x0000000000400000-0x0000000000409000-memory.dmp

memory/2976-2228-0x0000000000400000-0x0000000000409000-memory.dmp

memory/2976-2226-0x0000000000400000-0x0000000000409000-memory.dmp

memory/4028-2230-0x0000000000400000-0x0000000000409000-memory.dmp

memory/3512-2233-0x0000000000400000-0x0000000000409000-memory.dmp

memory/5044-2234-0x0000000000400000-0x0000000000409000-memory.dmp

memory/4680-2235-0x0000000000400000-0x0000000000438000-memory.dmp

memory/3512-2245-0x0000000000400000-0x0000000000409000-memory.dmp

memory/3512-2246-0x0000000000400000-0x0000000000409000-memory.dmp

memory/5044-2247-0x0000000000400000-0x0000000000409000-memory.dmp

memory/4680-2250-0x0000000000400000-0x0000000000438000-memory.dmp

memory/5044-2251-0x0000000000400000-0x0000000000409000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 33aae50f1910fa336d1ea317c2a0a54d
SHA1 fba5371a3ffd3f54fc581bcb6b1db8ca9a85087e
SHA256 0730e3b275ad9745de35e91e15e6cef95792ccedd8ef1c5c0cfdbb07e1b14856
SHA512 fb279e1ae0c687568d29aba0e62cfc9381d72b88bb356add328d6e50551031f36ca42a9bfaeec79abf7dc2a0fe71d567931108aa4e0f716ef435d01d38fa838d

memory/4680-2261-0x0000000000400000-0x0000000000438000-memory.dmp

memory/5044-2263-0x0000000000400000-0x0000000000409000-memory.dmp

memory/3512-2262-0x0000000000400000-0x0000000000409000-memory.dmp

C:\Users\Admin\Downloads\Unconfirmed 748009.crdownload

MD5 30cdab5cf1d607ee7b34f44ab38e9190
SHA1 d4823f90d14eba0801653e8c970f47d54f655d36
SHA256 1517527c1d705a6ebc6ec9194aa95459e875ac3902a9f4aab3bf24b6a6f8407f
SHA512 b465f3b734beaea3951ff57759f13971649b549fafca71342b52d7e74949e152c0fbafe2df40354fc00b5dc8c767f3f5c6940e4ba308888e4395d8fd21e402b3

memory/3512-2272-0x0000000000400000-0x0000000000409000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aea404ca77fc38faab71330176dbc409
SHA1 15fe31b969b9ba827b8dcb8512d66f526fd49e0a
SHA256 d1545d40a7e3431f05ccb854c79a3abfcd76a34c3afe1227e2d0cf92c2bd7df5
SHA512 22eadb45706720a72aad3dce280e5c20cb034c959f217a8aefc0696768cc16d2a1e1835dc994096a47c258fa41db0081ce5ef7a4ba1aeb2e3f020672e1f45821

memory/4680-2299-0x0000000000400000-0x0000000000438000-memory.dmp

memory/5044-2300-0x0000000000400000-0x0000000000409000-memory.dmp

memory/4680-2368-0x0000000000400000-0x0000000000438000-memory.dmp

memory/5044-2370-0x0000000000400000-0x0000000000409000-memory.dmp

memory/3512-2369-0x0000000000400000-0x0000000000409000-memory.dmp

memory/4344-2372-0x0000000000400000-0x0000000000463000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 6e098e39f45a409454cc480684ee7a18
SHA1 b5ff95575e1bf4a3531b6a4373ce2b5db4eca9d7
SHA256 16d53184a1346d11efd5552491d4fdf61d1160a35ebed3232282f92713f8685c
SHA512 860a9d34b9575606ce51a978e8d5d6ee55b001c0396c34addbf42ddb5c0954a8223976beaf94c4e540fb6442fee452060f08433692bb5751e7dad98a674e9148

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\f20f2f04-9814-4935-a893-fe48fdb7964d.dmp

MD5 818a5e6d1b259baca9aceccfffad2a0e
SHA1 78948caf66a4d6ae0fd8a0eb3e02a707abde3d77
SHA256 0647569e4dcf87996ead09b7712da1a7484187b4246f88643f784daffccf7a86
SHA512 0b7a31077628f826e5e23e5107e3208716c8075ae5b06971feed9124588bd486bef508ca4df9023cfc8ccc438d3dbcd3bef7b1919197b8955cac8781031289f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8e15789507476b605fade754a53b9f5e
SHA1 e778e1ca975d87b747a261bb4f60eece12c66a35
SHA256 8e3a2477c027554de5d5c7bfd15e2e5db685eda931f5aa266b9177a4b81a7571
SHA512 b9b76f41aba379f9b3c19ff4fb07918e55ad7add4c4d20205c9844a931fc3f516a3a29ef990548ffe8f7e4e98cd4cb070eae9a97e93a95c499dca75c0cdefd5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 55f1502f64d553dd1a4a45619d7273dc
SHA1 3f3bfb1ccf29ab73989e5e1324bba248e49efd23
SHA256 cf07bf8b2d418fa5b4ee450e3c023333ee4e15c26f102db4aa7a0a84d097a7f6
SHA512 f5a1e4ed739e4d18c5f15ff1ac2f9a106bf22a000540047b35cac05322adace49f85d33977aad7fef68c5edd72693aac152e02e20a01aa1d467f21762bd5f836

memory/4680-2412-0x0000000000400000-0x0000000000438000-memory.dmp

memory/5044-2416-0x0000000000400000-0x0000000000409000-memory.dmp

memory/3512-2414-0x0000000000400000-0x0000000000409000-memory.dmp