Analysis Overview
SHA256
07569cd953006587d716ee60b284baf1d77bfbd77706395b2c3b504d76267380
Threat Level: Known bad
The file Ff2 external.zip was found to be: Known bad.
Malicious Activity Summary
RevengeRAT
RevengeRat Executable
Downloads MZ/PE file
Contacts a large (1382) amount of remote hosts
Office macro that triggers on suspicious action
Executes dropped EXE
UPX packed file
Drops startup file
Uses the VBS compiler for execution
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Drops file in System32 directory
Suspicious use of SetThreadContext
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
Scheduled Task/Job: Scheduled Task
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
NTFS ADS
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-31 09:08
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-31 09:08
Reported
2024-07-31 09:08
Platform
win7-20240708-en
Max time kernel
0s
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-07-31 09:08
Reported
2024-07-31 09:08
Platform
win10v2004-20240730-en
Max time kernel
0s
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-31 09:08
Reported
2024-07-31 09:38
Platform
win7-20240704-en
Max time kernel
1564s
Max time network
1566s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Ff2 external.zip"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-31 09:08
Reported
2024-07-31 09:19
Platform
win10v2004-20240730-en
Max time kernel
564s
Max time network
660s
Command Line
Signatures
RevengeRAT
RevengeRat Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Contacts a large (1382) amount of remote hosts
Downloads MZ/PE file
Office macro that triggers on suspicious action
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\RevengeRAT.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bugsoft.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bugsoft.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Happy99.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\NakedWife.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\EternalRocks.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\EternalRocks.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Uses the VBS compiler for execution
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3089151618-2647890268-2710988337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.exe" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\WINDOWS\SysWOW64\MSDRM\MSOIRMPROTECTOR.XLS | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\Windows\SysWOW64\wsock32.ska | C:\Users\Admin\Downloads\Happy99.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wsock32.dll | C:\Users\Admin\Downloads\Happy99.exe | N/A |
| File created | C:\Windows\SysWOW64\ZippedFiles.a.exe | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\SysWOW64\MSDRM\MSOIRMPROTECTOR.DOC | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\SysWOW64\MSDRM\MSOIRMPROTECTOR.PPT | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\SysWOW64\RASCTRNM.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\Windows\SysWOW64\Ska.exe | C:\Users\Admin\Downloads\Happy99.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Ska.exe | C:\Users\Admin\Downloads\Happy99.exe | N/A |
| File created | C:\Windows\SysWOW64\Ska.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Happy99.exe | N/A |
| File created | C:\Windows\SysWOW64\Ska.dll | C:\Users\Admin\Downloads\Happy99.exe | N/A |
Suspicious use of SetThreadContext
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JDWPTRANSPORT.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGECALLBACKS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGECALLS.C | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGEPACKAGES.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\SAMPLES\SOLVSAMP.XLS | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JAWT.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLN.DOC | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLV.DOC | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JVMTI.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JNI.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLN.PPT | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLV.XLS | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\CLASSFILE_CONSTANTS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGECALLS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\JAWT_MD.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\JNI_MD.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLN.XLS | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLV.PPT | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JVMTICMLR.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\WINDOWS\WINSXS\X86_NETFX-ASPNET_STATE_PERF_H_B03F5F7F11D50A3A_10.0.19041.1_NONE_A71B18B9B7240FD3\ASPNET_STATE_PERF.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\INF\SMSVCHOST 4.0.0.0\_SMSVCHOSTPERFCOUNTERS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\INF\UGATHERER\GSRVCTR.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\WINDOWS\INF\WMIAPRPL\WMIAPRPL.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IIS-W3SVC_31BF3856AD364E35_10.0.19041.1_NONE_74075B27A8B0FC6F\W3CTRS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-R..T-OFFICE-PROTECTORS_31BF3856AD364E35_10.0.19041.1_NONE_C3BC3DBD94DA3C61\MSOIRMPROTECTOR.PPT | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_WINDOWSSEARCHENGINE_31BF3856AD364E35_7.0.19041.1151_NONE_EC390BD802A1C630\GSRVCTR.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-R..T-OFFICE-PROTECTORS_31BF3856AD364E35_10.0.19041.1_NONE_CE10E80FC93AFE5C\MSOIRMPROTECTOR.PPT | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\INF\.NET CLR NETWORKING 4.0.0.0\_NETWORKINGPERFCOUNTERS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\X86_NETFX-ASPNET_PERF_H_B03F5F7F11D50A3A_10.0.19041.1_NONE_7CC3A8E15363EB05\ASPNET_PERF.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\INF\BITS\BITSCTR.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..MMAINTENANCESERVICE_31BF3856AD364E35_10.0.19041.1_NONE_F33EFFCE7F94D952\READYBOOSTPERFCOUNTERS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_NETFX-ASPNET-NONWOW64-SHARED_B03F5F7F11D50A3A_4.0.19041.1_NONE_D66D07DACAC85E2D\ASPNET_PERF.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_WCF-M_TX_BRIDGE_PERF_C_H_31BF3856AD364E35_10.0.19041.1_NONE_6A2A49572AB90F30\_TRANSACTIONBRIDGEPERFCOUNTERS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\INF\.NET CLR DATA\_DATAPERFCOUNTERS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_PERF.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_PERF.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | \??\c:\windows\jk.bat | C:\Users\Admin\Downloads\Bugsoft.exe | N/A |
| File created | C:\WINDOWS\INF\RDYBOOST\READYBOOSTPERFCOUNTERS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\WINDOWS\INF\SERVICEMODELSERVICE 3.0.0.0\_SERVICEMODELSERVICEPERFCOUNTERS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_NETFX4-_NETWORKINGPERFCOUNTERS_H_B03F5F7F11D50A3A_4.0.15805.0_NONE_5D7FB023EC33EF8B\_NETWORKINGPERFCOUNTERS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-BITS-PERF-V1-COUNTERS_31BF3856AD364E35_10.0.19041.1_NONE_17C681FDED11FC67\BITSCTR.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-T..RVICES-PERFCOUNTERS_31BF3856AD364E35_10.0.19041.1_NONE_00C2FFD3E29A5ADE\TSLABELS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\INF\.NET MEMORY CACHE 4.0\NETMEMORYCACHE.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TAPICORE_31BF3856AD364E35_10.0.19041.746_NONE_C2332356A565DF1C\PERFCTR.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_NETFX4-TRANSACTIONBRIDGEPERFCOUNTERS_B03F5F7F11D50A3A_4.0.15805.0_NONE_6B0477B0FB9004FA\_TRANSACTIONBRIDGEPERFCOUNTERS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_NETFX4-_DATAORACLEC.._SHARED12_NEUTRAL_H_B03F5F7F11D50A3A_4.0.15805.0_NONE_3B8D4DACC2EA6B71\_DATAORACLECLIENTPERFCOUNTERS_SHARED12_NEUTRAL.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_NETFX4-_DATAPERFCOU.._SHARED12_NEUTRAL_H_B03F5F7F11D50A3A_4.0.15805.0_NONE_24ED4511DCC3019E\_DATAPERFCOUNTERS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_NETFX4-_DATAPERFCOU.._SHARED12_NEUTRAL_H_B03F5F7F11D50A3A_4.0.15805.0_NONE_24ED4511DCC3019E\_DATAPERFCOUNTERS_SHARED12_NEUTRAL.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-R..T-OFFICE-PROTECTORS_31BF3856AD364E35_10.0.19041.746_NONE_F619255888ACBCA6\MSOIRMPROTECTOR.PPT | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\X86_NETFX4-ASPNET_STATE_PERF_H_B03F5F7F11D50A3A_4.0.15805.0_NONE_0C5E324537CBCE25\ASPNET_STATE_PERF.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\INF\.NETFRAMEWORK\CORPERFMONSYMBOLS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TAPICORE_31BF3856AD364E35_10.0.19041.1_NONE_9A2AE60DE5F420D2\PERFCTR.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | \??\c:\windows\mail.vbs | C:\Users\Admin\Downloads\Bugsoft.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IIS-ASPBINARIES_31BF3856AD364E35_10.0.19041.1_NONE_42755BCB06D24EA8\AXCTRNM.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-R..T-OFFICE-PROTECTORS_31BF3856AD364E35_10.0.19041.1_NONE_C3BC3DBD94DA3C61\MSOIRMPROTECTOR.DOC | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\INF\WINDOWS WORKFLOW FOUNDATION 4.0.0.0\PERFCOUNTERS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\INF\TAPISRV\PERFCTR.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_STATE_PERF.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-RASBASE_31BF3856AD364E35_10.0.19041.1_NONE_C3D1756519CCCB94\RASCTRNM.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_NETFX4-ASPNET_STATE_PERF_H_B03F5F7F11D50A3A_4.0.15805.0_NONE_C4B0FB6E234FA51F\ASPNET_STATE_PERF.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\INF\LSM\LAGCOUNTERDEF.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_STATE_PERF.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_WINDOWSSEARCHENGINE_31BF3856AD364E35_7.0.19041.264_NONE_8BD2F5FC0C992E06\GTHRCTR.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\X86_WWF-CPERFCNT_31BF3856AD364E35_10.0.19041.1_NONE_796F8F9AE78775E8\PERFCOUNTERS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | \??\c:\windows\jk.bat | C:\Users\Admin\Downloads\Bugsoft.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_WCF-M_SVC_MOD_SVC_PERF_H_31BF3856AD364E35_10.0.19041.1_NONE_51277F142F1F9414\_SERVICEMODELSERVICEPERFCOUNTERS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\INF\MSDTC BRIDGE 4.0.0.0\_TRANSACTIONBRIDGEPERFCOUNTERS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File opened for modification | C:\WINDOWS\INF\WINDOWS WORKFLOW FOUNDATION 3.0.0.0\PERFCOUNTERS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_NETFX-ASPNET_PERF_H_B03F5F7F11D50A3A_10.0.19041.1_NONE_3516720A3EE7C1FF\ASPNET_PERF.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_WINDOWSSEARCHENGINE_31BF3856AD364E35_7.0.19041.264_NONE_8BD2F5FC0C992E06\GSRVCTR.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\X86_NETFX4-ASPNET_PERF_H_B03F5F7F11D50A3A_4.0.15805.0_NONE_E031B46CF0C9371D\ASPNET_PERF.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_STATE_PERF.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_PERF.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_NETFX4-SMSVCHOSTPERFCOUNTERS_B03F5F7F11D50A3A_4.0.15805.0_NONE_2B4BA3FABCE2B249\_SMSVCHOSTPERFCOUNTERS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_WINDOWSSEARCHENGINE_31BF3856AD364E35_7.0.19041.264_NONE_8BD2F5FC0C992E06\IDXCNTRS.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-R..T-OFFICE-PROTECTORS_31BF3856AD364E35_10.0.19041.746_NONE_EBC47B06544BFAAB\MSOIRMPROTECTOR.PPT | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-C..GEMENT-PERFCOUNTERS_31BF3856AD364E35_10.0.19041.1_NONE_DB48407B484FA757\MSDTCPRF.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\INF\USBHUB\USBPERFSYM.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-R..T-OFFICE-PROTECTORS_31BF3856AD364E35_10.0.19041.746_NONE_EBC47B06544BFAAB\MSOIRMPROTECTOR.DOC | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-R..T-OFFICE-PROTECTORS_31BF3856AD364E35_10.0.19041.1_NONE_CE10E80FC93AFE5C\MSOIRMPROTECTOR.XLS | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-R..T-OFFICE-PROTECTORS_31BF3856AD364E35_10.0.19041.746_NONE_F619255888ACBCA6\MSOIRMPROTECTOR.XLS | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\WINSXS\AMD64_NETFX4-_NETWORKINGPERFCOUNTERS_V2_H_B03F5F7F11D50A3A_4.0.15805.0_NONE_9D7F19400A8AEE7C\_NETWORKINGPERFCOUNTERS_V2.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| File created | C:\WINDOWS\INF\.NET DATA PROVIDER FOR ORACLE\_DATAORACLECLIENTPERFCOUNTERS_SHARED12_NEUTRAL.H | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Happy99.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Bugsoft.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Bugsoft.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\NakedWife.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3089151618-2647890268-2710988337-1000\{6D51CBBD-9A79-4C84-B75B-F28993804AF8} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3089151618-2647890268-2710988337-1000_Classes\Local Settings | C:\Users\Admin\Downloads\ZippedFiles.a.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 689444.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 754449.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 172535.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\svchost\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 89688.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 132963.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 121108.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\NakedWife.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\NakedWife.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 688646.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 58201.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 232451.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\RevengeRAT.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Bugsoft.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bugsoft.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\NakedWife.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Ff2 external.zip"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\BlockCopy.vbs" C:\Users\Admin\Desktop\CheckpointTrace.docx
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc610146f8,0x7ffc61014708,0x7ffc61014718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x2fc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6440 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5168 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6432 /prefetch:8
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6408 /prefetch:2
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6588 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\zipw1abo.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFA07.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8CAACB8FE1984209A5B4AB13BE6FC6A.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ioqf4x0k.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFAC3.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcCFB7D68EBD324713A3816F68378EFD6F.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\e9em0fiw.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFB4F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4B5FE0CD4834A4AA2B8AC25E27AD6D.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\5lgx21s2.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFBDC.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc577095179CB4E3F89238E21B43426E1.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\kfzd4tp6.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFC59.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc471EC9589E9041DA938235B8C96A291.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\cpwaqokg.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFD05.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc82544E8F6EEE4DFCA8EA41323ED37DC.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\05z0t5y3.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFD92.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcAA2A0314759E482DBFD94CE4D7CCB5F3.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\x1wzdic1.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFE1E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc69088ECA8DF24CDBA336DAC63A4E415D.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gaganipx.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFE9B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc5D416A6EB1DD4B7A871846AFCE73A2EE.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\a9i4mknw.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFF47.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2C92A8ECE6BA4D25B81E415CB61DC65.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\fh7xohwh.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFFC4.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc543DA58F67E24C8BA18CDF526B1FDE2E.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\uvr6jrzj.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES51.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1F3F22DB85B54EEEA41DA2C7AC74241.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ykadfsoq.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCE.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc7EFF837849346598F1F4BFCB2393F6.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\nt2edsru.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES15A.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcDEF8892737494ACF87F5A4783438B41.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\pdbml_qh.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1D7.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcFACACB7D31694C4BB526D9C83E8C3EB.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\dqnhre3o.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES254.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1A31C5A56CC9498395B25E60F0CB572D.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\vodvxlzj.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2F1.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc7ECA3DCBE94E4FAAA5E6EEC4FB6370.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\2x-gemiy.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES35E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc44144D3B1F074559BEC887B7D5AFC570.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\m3tk2lcp.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3DB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc7473677CC2F4612B5EB7CB832EDBDDF.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\crl_v8ak.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES448.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc30E52DCB8C3B41D29D7AF886C657151C.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\5tjbk7xq.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4D5.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc30C0EC75176F490B96413B2486C642CB.TMP"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
C:\Users\Admin\Downloads\Bugsoft.exe
"C:\Users\Admin\Downloads\Bugsoft.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c c:\windows\jk.bat
C:\Users\Admin\Downloads\Bugsoft.exe
"C:\Users\Admin\Downloads\Bugsoft.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c c:\windows\jk.bat
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\rnqb-qsa.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAB17.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcC73E526AA5EB4ECD8D4A9FAFC896F883.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\sbvpuf9_.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAC11.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcE1F53F1B29F0434CBA4B7AAB0711F4C.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\_formspm.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAC8E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcC301ED2B54124E57A7E6E97B6535DF8B.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\3lq___5y.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAD1B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA337FD03A05D421688F422743463513.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ummcewa4.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAD88.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB962F834D0CC46ADBD3810B3527E210.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\6ghzzrie.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAE44.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9DABEED49CAE4E5D812EA6783B65E857.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\urfq0jxi.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAEC1.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1187AAAA16A4DE0A8977FEE25EA28C2.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\cdqiykbk.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAF3E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcE3012802D13D496E85394AA4C824461.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\nwiyfwps.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAFCB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc365C6485FC68408099581AFD59DA8024.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\p0_jgulp.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB048.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB6957BCF14014614BA28B77C5A208249.TMP"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7164 /prefetch:8
C:\Users\Admin\Downloads\Happy99.exe
"C:\Users\Admin\Downloads\Happy99.exe"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7044 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 /prefetch:8
C:\Users\Admin\Downloads\NakedWife.exe
"C:\Users\Admin\Downloads\NakedWife.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 /prefetch:8
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8
C:\Users\Admin\Downloads\ZippedFiles.a.exe
"C:\Users\Admin\Downloads\ZippedFiles.a.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6312 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4948 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7512 /prefetch:8
C:\Users\Admin\Downloads\EternalRocks.exe
"C:\Users\Admin\Downloads\EternalRocks.exe"
C:\Users\Admin\Downloads\EternalRocks.exe
"C:\Users\Admin\Downloads\EternalRocks.exe"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7096 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7600 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7136 /prefetch:8
C:\Users\Admin\Downloads\Blaster.A.exe
"C:\Users\Admin\Downloads\Blaster.A.exe"
C:\Users\Admin\Downloads\Blaster.E.exe
"C:\Users\Admin\Downloads\Blaster.E.exe"
C:\Users\Admin\Downloads\Blaster.A.exe
"C:\Users\Admin\Downloads\Blaster.A.exe"
C:\Users\Admin\Downloads\Blaster.E.exe
"C:\Users\Admin\Downloads\Blaster.E.exe"
C:\Users\Admin\Downloads\Blaster.E.exe
"C:\Users\Admin\Downloads\Blaster.E.exe"
C:\Users\Admin\Downloads\Blaster.A.exe
"C:\Users\Admin\Downloads\Blaster.A.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7152 /prefetch:8
C:\Users\Admin\Downloads\Fagot.a.exe
"C:\Users\Admin\Downloads\Fagot.a.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3356 /prefetch:2
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17507206229163090353,8913713356713616269,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2468 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.173.189.20.in-addr.arpa | udp |
| GB | 184.28.176.58:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 58.176.28.184.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:80 | discord.com | tcp |
| US | 162.159.128.233:80 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | cdn.prod.website-files.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | cdn.localizeapi.com | udp |
| US | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| US | 104.18.29.203:443 | cdn.prod.website-files.com | tcp |
| US | 172.67.41.53:443 | cdn.localizeapi.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 23.200.147.41:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| GB | 18.245.246.151:443 | d3e54v103j8qbb.cloudfront.net | tcp |
| US | 8.8.8.8:53 | assets.website-files.com | udp |
| ES | 18.172.213.106:443 | assets.website-files.com | tcp |
| ES | 18.172.213.106:443 | assets.website-files.com | tcp |
| ES | 18.172.213.106:443 | assets.website-files.com | tcp |
| ES | 18.172.213.106:443 | assets.website-files.com | tcp |
| ES | 18.172.213.106:443 | assets.website-files.com | tcp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.133.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.29.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.147.200.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.246.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.41.67.172.in-addr.arpa | udp |
| US | 104.18.29.203:443 | cdn.prod.website-files.com | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | 106.213.172.18.in-addr.arpa | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | 6.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| FR | 142.250.75.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| FR | 142.250.75.238:443 | www.youtube.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sentry.io | udp |
| US | 35.186.247.156:443 | sentry.io | tcp |
| US | 8.8.8.8:53 | 156.247.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 184.28.176.90:443 | th.bing.com | tcp |
| GB | 184.28.176.112:443 | th.bing.com | tcp |
| GB | 184.28.176.112:443 | th.bing.com | tcp |
| GB | 184.28.176.90:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 90.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.71:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.111.133:443 | user-images.githubusercontent.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.13.191.225:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.13.191.225:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.13.191.225:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.13.191.225:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 3.13.191.225:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.13.191.225:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.13.191.225:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.14.182.203:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.14.182.203:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.14.182.203:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.14.182.203:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.14.182.203:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.14.182.203:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.14.182.203:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.14.182.203:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.14.182.203:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.22.30.40:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.22.30.40:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.22.30.40:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.22.30.40:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.22.30.40:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.22.30.40:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.22.30.40:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.22.30.40:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 3.22.30.40:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.22.30.40:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.22.30.40:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.39.220:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| TR | 5.47.122.1:135 | tcp | |
| TR | 5.47.122.2:135 | tcp | |
| TR | 5.47.122.3:135 | tcp | |
| TR | 5.47.122.4:135 | tcp | |
| US | 8.8.8.8:53 | windowsupdate.com | udp |
| TR | 5.47.122.5:135 | tcp | |
| TR | 5.47.122.6:135 | tcp | |
| TR | 5.47.122.7:135 | tcp | |
| TR | 5.47.122.8:135 | tcp | |
| TR | 5.47.122.9:135 | tcp | |
| TR | 5.47.122.10:135 | tcp | |
| TR | 5.47.122.11:135 | tcp | |
| TR | 5.47.122.12:135 | tcp | |
| TR | 5.47.122.13:135 | tcp | |
| TR | 5.47.122.14:135 | tcp | |
| TR | 5.47.122.15:135 | tcp | |
| TR | 5.47.122.16:135 | tcp | |
| TR | 5.47.122.17:135 | tcp | |
| TR | 5.47.122.18:135 | tcp | |
| TR | 5.47.122.19:135 | tcp | |
| TR | 5.47.122.20:135 | tcp | |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 71.172.229.1:135 | tcp | |
| US | 71.172.229.2:135 | tcp | |
| US | 71.172.229.3:135 | tcp | |
| US | 71.172.229.4:135 | tcp | |
| US | 71.172.229.5:135 | tcp | |
| US | 71.172.229.6:135 | tcp | |
| US | 71.172.229.7:135 | tcp | |
| US | 71.172.229.8:135 | tcp | |
| US | 71.172.229.9:135 | tcp | |
| US | 71.172.229.10:135 | tcp | |
| US | 71.172.229.11:135 | tcp | |
| US | 71.172.229.12:135 | tcp | |
| US | 71.172.229.13:135 | tcp | |
| US | 71.172.229.14:135 | tcp | |
| US | 71.172.229.15:135 | tcp | |
| US | 71.172.229.16:135 | tcp | |
| US | 71.172.229.17:135 | tcp | |
| US | 71.172.229.18:135 | tcp | |
| US | 71.172.229.19:135 | tcp | |
| US | 71.172.229.20:135 | tcp | |
| US | 8.8.8.8:53 | kimble.org | udp |
| TR | 5.47.122.21:135 | tcp | |
| TR | 5.47.122.22:135 | tcp | |
| TR | 5.47.122.23:135 | tcp | |
| TR | 5.47.122.24:135 | tcp | |
| TR | 5.47.122.25:135 | tcp | |
| TR | 5.47.122.26:135 | tcp | |
| TR | 5.47.122.27:135 | tcp | |
| TR | 5.47.122.28:135 | tcp | |
| TR | 5.47.122.29:135 | tcp | |
| TR | 5.47.122.30:135 | tcp | |
| TR | 5.47.122.31:135 | tcp | |
| TR | 5.47.122.32:135 | tcp | |
| TR | 5.47.122.33:135 | tcp | |
| TR | 5.47.122.34:135 | tcp | |
| TR | 5.47.122.35:135 | tcp | |
| TR | 5.47.122.36:135 | tcp | |
| TR | 5.47.122.37:135 | tcp | |
| TR | 5.47.122.38:135 | tcp | |
| TR | 5.47.122.39:135 | tcp | |
| TR | 5.47.122.40:135 | tcp | |
| US | 71.172.229.21:135 | tcp | |
| US | 71.172.229.22:135 | tcp | |
| US | 71.172.229.23:135 | tcp | |
| US | 71.172.229.24:135 | tcp | |
| US | 71.172.229.25:135 | tcp | |
| US | 71.172.229.26:135 | tcp | |
| US | 71.172.229.27:135 | tcp | |
| US | 71.172.229.28:135 | tcp | |
| US | 71.172.229.29:135 | tcp | |
| US | 71.172.229.30:135 | tcp | |
| US | 71.172.229.31:135 | tcp | |
| US | 71.172.229.32:135 | tcp | |
| US | 71.172.229.33:135 | tcp | |
| US | 71.172.229.34:135 | tcp | |
| US | 71.172.229.35:135 | tcp | |
| US | 71.172.229.36:135 | tcp | |
| US | 71.172.229.37:135 | tcp | |
| US | 71.172.229.38:135 | tcp | |
| US | 71.172.229.39:135 | tcp | |
| US | 71.172.229.40:135 | tcp | |
| TR | 5.47.122.41:135 | tcp | |
| TR | 5.47.122.42:135 | tcp | |
| TR | 5.47.122.43:135 | tcp | |
| TR | 5.47.122.44:135 | tcp | |
| TR | 5.47.122.45:135 | tcp | |
| TR | 5.47.122.46:135 | tcp | |
| TR | 5.47.122.47:135 | tcp | |
| TR | 5.47.122.48:135 | tcp | |
| TR | 5.47.122.49:135 | tcp | |
| TR | 5.47.122.50:135 | tcp | |
| TR | 5.47.122.51:135 | tcp | |
| TR | 5.47.122.52:135 | tcp | |
| TR | 5.47.122.53:135 | tcp | |
| TR | 5.47.122.54:135 | tcp | |
| TR | 5.47.122.55:135 | tcp | |
| TR | 5.47.122.56:135 | tcp | |
| TR | 5.47.122.57:135 | tcp | |
| TR | 5.47.122.58:135 | tcp | |
| TR | 5.47.122.59:135 | tcp | |
| TR | 5.47.122.60:135 | tcp | |
| US | 71.172.229.41:135 | tcp | |
| US | 71.172.229.42:135 | tcp | |
| US | 71.172.229.43:135 | tcp | |
| US | 71.172.229.44:135 | tcp | |
| US | 71.172.229.45:135 | tcp | |
| US | 71.172.229.46:135 | tcp | |
| US | 71.172.229.47:135 | tcp | |
| US | 71.172.229.48:135 | tcp | |
| US | 71.172.229.49:135 | tcp | |
| US | 71.172.229.50:135 | tcp | |
| US | 71.172.229.51:135 | tcp | |
| US | 71.172.229.52:135 | tcp | |
| US | 71.172.229.53:135 | tcp | |
| US | 71.172.229.54:135 | tcp | |
| US | 71.172.229.55:135 | tcp | |
| US | 71.172.229.56:135 | tcp | |
| US | 71.172.229.57:135 | tcp | |
| US | 71.172.229.58:135 | tcp | |
| US | 71.172.229.59:135 | tcp | |
| US | 71.172.229.60:135 | tcp | |
| TR | 5.47.122.61:135 | tcp | |
| TR | 5.47.122.62:135 | tcp | |
| TR | 5.47.122.63:135 | tcp | |
| TR | 5.47.122.64:135 | tcp | |
| TR | 5.47.122.65:135 | tcp | |
| TR | 5.47.122.66:135 | tcp | |
| TR | 5.47.122.67:135 | tcp | |
| TR | 5.47.122.68:135 | tcp | |
| TR | 5.47.122.69:135 | tcp | |
| TR | 5.47.122.70:135 | tcp | |
| TR | 5.47.122.71:135 | tcp | |
| TR | 5.47.122.72:135 | tcp | |
| TR | 5.47.122.73:135 | tcp | |
| TR | 5.47.122.74:135 | tcp | |
| TR | 5.47.122.75:135 | tcp | |
| TR | 5.47.122.76:135 | tcp | |
| TR | 5.47.122.77:135 | tcp | |
| TR | 5.47.122.78:135 | tcp | |
| TR | 5.47.122.79:135 | tcp | |
| TR | 5.47.122.80:135 | tcp | |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 71.172.229.61:135 | tcp | |
| US | 71.172.229.62:135 | tcp | |
| US | 71.172.229.63:135 | tcp | |
| US | 71.172.229.64:135 | tcp | |
| US | 71.172.229.65:135 | tcp | |
| US | 71.172.229.66:135 | tcp | |
| US | 71.172.229.67:135 | tcp | |
| US | 71.172.229.68:135 | tcp | |
| US | 71.172.229.69:135 | tcp | |
| US | 71.172.229.70:135 | tcp | |
| US | 71.172.229.71:135 | tcp | |
| US | 71.172.229.72:135 | tcp | |
| US | 71.172.229.73:135 | tcp | |
| US | 71.172.229.74:135 | tcp | |
| US | 71.172.229.75:135 | tcp | |
| US | 71.172.229.76:135 | tcp | |
| US | 71.172.229.77:135 | tcp | |
| US | 71.172.229.78:135 | tcp | |
| US | 71.172.229.79:135 | tcp | |
| US | 71.172.229.80:135 | tcp | |
| TR | 5.47.122.81:135 | tcp | |
| TR | 5.47.122.82:135 | tcp | |
| TR | 5.47.122.83:135 | tcp | |
| TR | 5.47.122.84:135 | tcp | |
| TR | 5.47.122.85:135 | tcp | |
| TR | 5.47.122.86:135 | tcp | |
| TR | 5.47.122.87:135 | tcp | |
| TR | 5.47.122.88:135 | tcp | |
| TR | 5.47.122.89:135 | tcp | |
| TR | 5.47.122.90:135 | tcp | |
| TR | 5.47.122.91:135 | tcp | |
| TR | 5.47.122.92:135 | tcp | |
| TR | 5.47.122.93:135 | tcp | |
| TR | 5.47.122.94:135 | tcp | |
| TR | 5.47.122.95:135 | tcp | |
| TR | 5.47.122.96:135 | tcp | |
| TR | 5.47.122.97:135 | tcp | |
| TR | 5.47.122.98:135 | tcp | |
| TR | 5.47.122.99:135 | tcp | |
| TR | 5.47.122.100:135 | tcp | |
| US | 71.172.229.81:135 | tcp | |
| US | 71.172.229.82:135 | tcp | |
| US | 71.172.229.83:135 | tcp | |
| US | 71.172.229.84:135 | tcp | |
| US | 71.172.229.85:135 | tcp | |
| US | 71.172.229.86:135 | tcp | |
| US | 71.172.229.87:135 | tcp | |
| US | 71.172.229.88:135 | tcp | |
| US | 71.172.229.89:135 | tcp | |
| US | 71.172.229.90:135 | tcp | |
| US | 71.172.229.91:135 | tcp | |
| US | 71.172.229.92:135 | tcp | |
| US | 71.172.229.93:135 | tcp | |
| US | 71.172.229.94:135 | tcp | |
| US | 71.172.229.95:135 | tcp | |
| US | 71.172.229.96:135 | tcp | |
| US | 71.172.229.97:135 | tcp | |
| US | 71.172.229.98:135 | tcp | |
| US | 71.172.229.99:135 | tcp | |
| US | 71.172.229.100:135 | tcp | |
| TR | 5.47.122.101:135 | tcp | |
| TR | 5.47.122.102:135 | tcp | |
| TR | 5.47.122.103:135 | tcp | |
| TR | 5.47.122.104:135 | tcp | |
| TR | 5.47.122.105:135 | tcp | |
| TR | 5.47.122.106:135 | tcp | |
| TR | 5.47.122.107:135 | tcp | |
| TR | 5.47.122.108:135 | tcp | |
| TR | 5.47.122.109:135 | tcp | |
| TR | 5.47.122.110:135 | tcp | |
| TR | 5.47.122.111:135 | tcp | |
| TR | 5.47.122.112:135 | tcp | |
| TR | 5.47.122.113:135 | tcp | |
| TR | 5.47.122.114:135 | tcp | |
| TR | 5.47.122.115:135 | tcp | |
| TR | 5.47.122.116:135 | tcp | |
| TR | 5.47.122.117:135 | tcp | |
| TR | 5.47.122.118:135 | tcp | |
| TR | 5.47.122.119:135 | tcp | |
| TR | 5.47.122.120:135 | tcp | |
| US | 71.172.229.101:135 | tcp | |
| US | 71.172.229.102:135 | tcp | |
| US | 71.172.229.103:135 | tcp | |
| US | 71.172.229.104:135 | tcp | |
| US | 71.172.229.105:135 | tcp | |
| US | 71.172.229.106:135 | tcp | |
| US | 71.172.229.107:135 | tcp | |
| US | 71.172.229.108:135 | tcp | |
| US | 71.172.229.109:135 | tcp | |
| US | 71.172.229.110:135 | tcp | |
| US | 71.172.229.111:135 | tcp | |
| US | 71.172.229.112:135 | tcp | |
| US | 71.172.229.113:135 | tcp | |
| US | 71.172.229.114:135 | tcp | |
| US | 71.172.229.115:135 | tcp | |
| US | 71.172.229.116:135 | tcp | |
| US | 71.172.229.117:135 | tcp | |
| US | 71.172.229.118:135 | tcp | |
| US | 71.172.229.119:135 | tcp | |
| US | 71.172.229.120:135 | tcp | |
| TR | 5.47.122.121:135 | tcp | |
| TR | 5.47.122.122:135 | tcp | |
| TR | 5.47.122.123:135 | tcp | |
| TR | 5.47.122.124:135 | tcp | |
| TR | 5.47.122.125:135 | tcp | |
| TR | 5.47.122.126:135 | tcp | |
| TR | 5.47.122.127:135 | tcp | |
| TR | 5.47.122.128:135 | tcp | |
| TR | 5.47.122.129:135 | tcp | |
| TR | 5.47.122.130:135 | tcp | |
| TR | 5.47.122.131:135 | tcp | |
| TR | 5.47.122.132:135 | tcp | |
| TR | 5.47.122.133:135 | tcp | |
| TR | 5.47.122.134:135 | tcp | |
| TR | 5.47.122.135:135 | tcp | |
| TR | 5.47.122.136:135 | tcp | |
| TR | 5.47.122.137:135 | tcp | |
| TR | 5.47.122.138:135 | tcp | |
| TR | 5.47.122.139:135 | tcp | |
| TR | 5.47.122.140:135 | tcp | |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 71.172.229.121:135 | tcp | |
| US | 71.172.229.122:135 | tcp | |
| US | 71.172.229.123:135 | tcp | |
| US | 71.172.229.124:135 | tcp | |
| US | 71.172.229.125:135 | tcp | |
| US | 71.172.229.126:135 | tcp | |
| US | 71.172.229.127:135 | tcp | |
| US | 71.172.229.128:135 | tcp | |
| US | 71.172.229.129:135 | tcp | |
| US | 71.172.229.130:135 | tcp | |
| US | 71.172.229.131:135 | tcp | |
| US | 71.172.229.132:135 | tcp | |
| US | 71.172.229.133:135 | tcp | |
| US | 71.172.229.134:135 | tcp | |
| US | 71.172.229.135:135 | tcp | |
| US | 71.172.229.136:135 | tcp | |
| US | 71.172.229.137:135 | tcp | |
| US | 71.172.229.138:135 | tcp | |
| US | 71.172.229.139:135 | tcp | |
| US | 71.172.229.140:135 | tcp | |
| TR | 5.47.122.141:135 | tcp | |
| TR | 5.47.122.142:135 | tcp | |
| TR | 5.47.122.143:135 | tcp | |
| TR | 5.47.122.144:135 | tcp | |
| TR | 5.47.122.145:135 | tcp | |
| TR | 5.47.122.146:135 | tcp | |
| TR | 5.47.122.147:135 | tcp | |
| TR | 5.47.122.148:135 | tcp | |
| TR | 5.47.122.149:135 | tcp | |
| TR | 5.47.122.150:135 | tcp | |
| TR | 5.47.122.151:135 | tcp | |
| TR | 5.47.122.152:135 | tcp | |
| TR | 5.47.122.153:135 | tcp | |
| TR | 5.47.122.154:135 | tcp | |
| TR | 5.47.122.155:135 | tcp | |
| TR | 5.47.122.156:135 | tcp | |
| TR | 5.47.122.157:135 | tcp | |
| TR | 5.47.122.158:135 | tcp | |
| TR | 5.47.122.159:135 | tcp | |
| TR | 5.47.122.160:135 | tcp | |
| US | 71.172.229.141:135 | tcp | |
| US | 71.172.229.142:135 | tcp | |
| US | 71.172.229.143:135 | tcp | |
| US | 71.172.229.144:135 | tcp | |
| US | 71.172.229.145:135 | tcp | |
| US | 71.172.229.146:135 | tcp | |
| US | 71.172.229.147:135 | tcp | |
| US | 71.172.229.148:135 | tcp | |
| US | 71.172.229.149:135 | tcp | |
| US | 71.172.229.150:135 | tcp | |
| US | 71.172.229.151:135 | tcp | |
| US | 71.172.229.152:135 | tcp | |
| US | 71.172.229.153:135 | tcp | |
| US | 71.172.229.154:135 | tcp | |
| US | 71.172.229.155:135 | tcp | |
| US | 71.172.229.156:135 | tcp | |
| US | 71.172.229.157:135 | tcp | |
| US | 71.172.229.158:135 | tcp | |
| US | 71.172.229.159:135 | tcp | |
| US | 71.172.229.160:135 | tcp | |
| TR | 5.47.122.161:135 | tcp | |
| TR | 5.47.122.162:135 | tcp | |
| TR | 5.47.122.163:135 | tcp | |
| TR | 5.47.122.164:135 | tcp | |
| TR | 5.47.122.165:135 | tcp | |
| TR | 5.47.122.166:135 | tcp | |
| TR | 5.47.122.167:135 | tcp | |
| TR | 5.47.122.168:135 | tcp | |
| TR | 5.47.122.169:135 | tcp | |
| TR | 5.47.122.170:135 | tcp | |
| TR | 5.47.122.171:135 | tcp | |
| TR | 5.47.122.172:135 | tcp | |
| TR | 5.47.122.173:135 | tcp | |
| TR | 5.47.122.174:135 | tcp | |
| TR | 5.47.122.175:135 | tcp | |
| TR | 5.47.122.176:135 | tcp | |
| TR | 5.47.122.177:135 | tcp | |
| TR | 5.47.122.178:135 | tcp | |
| TR | 5.47.122.179:135 | tcp | |
| TR | 5.47.122.180:135 | tcp | |
| US | 71.172.229.161:135 | tcp | |
| US | 71.172.229.162:135 | tcp | |
| US | 71.172.229.163:135 | tcp | |
| US | 71.172.229.164:135 | tcp | |
| US | 71.172.229.165:135 | tcp | |
| US | 71.172.229.166:135 | tcp | |
| US | 71.172.229.167:135 | tcp | |
| US | 71.172.229.168:135 | tcp | |
| US | 71.172.229.169:135 | tcp | |
| US | 71.172.229.170:135 | tcp | |
| US | 71.172.229.171:135 | tcp | |
| US | 71.172.229.172:135 | tcp | |
| US | 71.172.229.173:135 | tcp | |
| US | 71.172.229.174:135 | tcp | |
| US | 71.172.229.175:135 | tcp | |
| US | 71.172.229.176:135 | tcp | |
| US | 71.172.229.177:135 | tcp | |
| US | 71.172.229.178:135 | tcp | |
| US | 71.172.229.179:135 | tcp | |
| US | 71.172.229.180:135 | tcp | |
| TR | 5.47.122.181:135 | tcp | |
| TR | 5.47.122.182:135 | tcp | |
| TR | 5.47.122.183:135 | tcp | |
| TR | 5.47.122.184:135 | tcp | |
| TR | 5.47.122.185:135 | tcp | |
| TR | 5.47.122.186:135 | tcp | |
| TR | 5.47.122.187:135 | tcp | |
| TR | 5.47.122.188:135 | tcp | |
| TR | 5.47.122.189:135 | tcp | |
| TR | 5.47.122.190:135 | tcp | |
| TR | 5.47.122.191:135 | tcp | |
| TR | 5.47.122.192:135 | tcp | |
| TR | 5.47.122.193:135 | tcp | |
| TR | 5.47.122.194:135 | tcp | |
| TR | 5.47.122.195:135 | tcp | |
| TR | 5.47.122.196:135 | tcp | |
| TR | 5.47.122.197:135 | tcp | |
| TR | 5.47.122.198:135 | tcp | |
| TR | 5.47.122.199:135 | tcp | |
| TR | 5.47.122.200:135 | tcp | |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 71.172.229.181:135 | tcp | |
| US | 71.172.229.182:135 | tcp | |
| US | 71.172.229.183:135 | tcp | |
| US | 71.172.229.184:135 | tcp | |
| US | 71.172.229.185:135 | tcp | |
| US | 71.172.229.186:135 | tcp | |
| US | 71.172.229.187:135 | tcp | |
| US | 71.172.229.188:135 | tcp | |
| US | 71.172.229.189:135 | tcp | |
| US | 71.172.229.190:135 | tcp | |
| US | 71.172.229.191:135 | tcp | |
| US | 71.172.229.192:135 | tcp | |
| US | 71.172.229.193:135 | tcp | |
| US | 71.172.229.194:135 | tcp | |
| US | 71.172.229.195:135 | tcp | |
| US | 71.172.229.196:135 | tcp | |
| US | 71.172.229.197:135 | tcp | |
| US | 71.172.229.198:135 | tcp | |
| US | 71.172.229.199:135 | tcp | |
| US | 71.172.229.200:135 | tcp | |
| TR | 5.47.122.201:135 | tcp | |
| TR | 5.47.122.202:135 | tcp | |
| TR | 5.47.122.203:135 | tcp | |
| TR | 5.47.122.204:135 | tcp | |
| TR | 5.47.122.205:135 | tcp | |
| TR | 5.47.122.206:135 | tcp | |
| TR | 5.47.122.207:135 | tcp | |
| TR | 5.47.122.208:135 | tcp | |
| TR | 5.47.122.209:135 | tcp | |
| TR | 5.47.122.210:135 | tcp | |
| TR | 5.47.122.211:135 | tcp | |
| TR | 5.47.122.212:135 | tcp | |
| TR | 5.47.122.213:135 | tcp | |
| TR | 5.47.122.214:135 | tcp | |
| TR | 5.47.122.215:135 | tcp | |
| TR | 5.47.122.216:135 | tcp | |
| TR | 5.47.122.217:135 | tcp | |
| TR | 5.47.122.218:135 | tcp | |
| TR | 5.47.122.219:135 | tcp | |
| TR | 5.47.122.220:135 | tcp | |
| US | 71.172.229.201:135 | tcp | |
| US | 71.172.229.202:135 | tcp | |
| US | 71.172.229.203:135 | tcp | |
| US | 71.172.229.204:135 | tcp | |
| US | 71.172.229.205:135 | tcp | |
| US | 71.172.229.206:135 | tcp | |
| US | 71.172.229.207:135 | tcp | |
| US | 71.172.229.208:135 | tcp | |
| US | 71.172.229.209:135 | tcp | |
| US | 71.172.229.210:135 | tcp | |
| US | 71.172.229.211:135 | tcp | |
| US | 71.172.229.212:135 | tcp | |
| US | 71.172.229.213:135 | tcp | |
| US | 71.172.229.214:135 | tcp | |
| US | 71.172.229.215:135 | tcp | |
| US | 71.172.229.216:135 | tcp | |
| US | 71.172.229.217:135 | tcp | |
| US | 71.172.229.218:135 | tcp | |
| US | 71.172.229.219:135 | tcp | |
| US | 71.172.229.220:135 | tcp | |
| TR | 5.47.122.221:135 | tcp | |
| TR | 5.47.122.222:135 | tcp | |
| TR | 5.47.122.223:135 | tcp | |
| TR | 5.47.122.224:135 | tcp | |
| TR | 5.47.122.225:135 | tcp | |
| TR | 5.47.122.226:135 | tcp | |
| TR | 5.47.122.227:135 | tcp | |
| TR | 5.47.122.228:135 | tcp | |
| TR | 5.47.122.229:135 | tcp | |
| TR | 5.47.122.230:135 | tcp | |
| TR | 5.47.122.231:135 | tcp | |
| TR | 5.47.122.232:135 | tcp | |
| TR | 5.47.122.233:135 | tcp | |
| TR | 5.47.122.234:135 | tcp | |
| TR | 5.47.122.235:135 | tcp | |
| TR | 5.47.122.236:135 | tcp | |
| TR | 5.47.122.237:135 | tcp | |
| TR | 5.47.122.238:135 | tcp | |
| TR | 5.47.122.239:135 | tcp | |
| TR | 5.47.122.240:135 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 71.172.229.221:135 | tcp | |
| US | 71.172.229.222:135 | tcp | |
| US | 71.172.229.223:135 | tcp | |
| US | 71.172.229.224:135 | tcp | |
| US | 71.172.229.225:135 | tcp | |
| US | 71.172.229.226:135 | tcp | |
| US | 71.172.229.227:135 | tcp | |
| US | 71.172.229.228:135 | tcp | |
| US | 71.172.229.229:135 | tcp | |
| US | 71.172.229.230:135 | tcp | |
| US | 71.172.229.231:135 | tcp | |
| US | 71.172.229.232:135 | tcp | |
| US | 71.172.229.233:135 | tcp | |
| US | 71.172.229.234:135 | tcp | |
| US | 71.172.229.235:135 | tcp | |
| US | 71.172.229.236:135 | tcp | |
| US | 71.172.229.237:135 | tcp | |
| US | 71.172.229.238:135 | tcp | |
| US | 71.172.229.239:135 | tcp | |
| US | 71.172.229.240:135 | tcp | |
| TR | 5.47.122.241:135 | tcp | |
| TR | 5.47.122.242:135 | tcp | |
| TR | 5.47.122.243:135 | tcp | |
| TR | 5.47.122.244:135 | tcp | |
| TR | 5.47.122.245:135 | tcp | |
| TR | 5.47.122.246:135 | tcp | |
| TR | 5.47.122.247:135 | tcp | |
| TR | 5.47.122.248:135 | tcp | |
| TR | 5.47.122.249:135 | tcp | |
| TR | 5.47.122.250:135 | tcp | |
| TR | 5.47.122.251:135 | tcp | |
| TR | 5.47.122.252:135 | tcp | |
| TR | 5.47.122.253:135 | tcp | |
| TR | 5.47.122.254:135 | tcp | |
| TR | 5.47.122.255:135 | tcp | |
| TR | 5.47.123.0:135 | tcp | |
| TR | 5.47.123.1:135 | tcp | |
| TR | 5.47.123.2:135 | tcp | |
| TR | 5.47.123.3:135 | tcp | |
| TR | 5.47.123.4:135 | tcp | |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 71.172.229.241:135 | tcp | |
| US | 71.172.229.242:135 | tcp | |
| US | 71.172.229.243:135 | tcp | |
| US | 71.172.229.244:135 | tcp | |
| US | 71.172.229.245:135 | tcp | |
| US | 71.172.229.246:135 | tcp | |
| US | 71.172.229.247:135 | tcp | |
| US | 71.172.229.248:135 | tcp | |
| US | 71.172.229.249:135 | tcp | |
| US | 71.172.229.250:135 | tcp | |
| US | 71.172.229.251:135 | tcp | |
| US | 71.172.229.252:135 | tcp | |
| US | 71.172.229.253:135 | tcp | |
| US | 71.172.229.254:135 | tcp | |
| US | 71.172.229.255:135 | tcp | |
| US | 71.172.230.0:135 | tcp | |
| US | 71.172.230.1:135 | tcp | |
| US | 71.172.230.2:135 | tcp | |
| US | 71.172.230.3:135 | tcp | |
| US | 71.172.230.4:135 | tcp | |
| TR | 5.47.123.5:135 | tcp | |
| TR | 5.47.123.6:135 | tcp | |
| TR | 5.47.123.7:135 | tcp | |
| TR | 5.47.123.8:135 | tcp | |
| TR | 5.47.123.9:135 | tcp | |
| TR | 5.47.123.10:135 | tcp | |
| TR | 5.47.123.11:135 | tcp | |
| TR | 5.47.123.12:135 | tcp | |
| TR | 5.47.123.13:135 | tcp | |
| TR | 5.47.123.14:135 | tcp | |
| TR | 5.47.123.15:135 | tcp | |
| TR | 5.47.123.16:135 | tcp | |
| TR | 5.47.123.17:135 | tcp | |
| TR | 5.47.123.18:135 | tcp | |
| TR | 5.47.123.19:135 | tcp | |
| TR | 5.47.123.20:135 | tcp | |
| TR | 5.47.123.21:135 | tcp | |
| TR | 5.47.123.22:135 | tcp | |
| TR | 5.47.123.23:135 | tcp | |
| TR | 5.47.123.24:135 | tcp | |
| US | 71.172.230.5:135 | tcp | |
| US | 71.172.230.6:135 | tcp | |
| US | 71.172.230.7:135 | tcp | |
| US | 71.172.230.8:135 | tcp | |
| US | 71.172.230.9:135 | tcp | |
| US | 71.172.230.10:135 | tcp | |
| US | 71.172.230.11:135 | tcp | |
| US | 71.172.230.12:135 | tcp | |
| US | 71.172.230.13:135 | tcp | |
| US | 71.172.230.14:135 | tcp | |
| US | 71.172.230.15:135 | tcp | |
| US | 71.172.230.16:135 | tcp | |
| US | 71.172.230.17:135 | tcp | |
| US | 71.172.230.18:135 | tcp | |
| US | 71.172.230.19:135 | tcp | |
| US | 71.172.230.20:135 | tcp | |
| US | 71.172.230.21:135 | tcp | |
| US | 71.172.230.22:135 | tcp | |
| US | 71.172.230.23:135 | tcp | |
| US | 71.172.230.24:135 | tcp | |
| TR | 5.47.123.25:135 | tcp | |
| TR | 5.47.123.26:135 | tcp | |
| TR | 5.47.123.27:135 | tcp | |
| TR | 5.47.123.28:135 | tcp | |
| TR | 5.47.123.29:135 | tcp | |
| TR | 5.47.123.30:135 | tcp | |
| TR | 5.47.123.31:135 | tcp | |
| TR | 5.47.123.32:135 | tcp | |
| TR | 5.47.123.33:135 | tcp | |
| TR | 5.47.123.34:135 | tcp | |
| TR | 5.47.123.35:135 | tcp | |
| TR | 5.47.123.36:135 | tcp | |
| TR | 5.47.123.37:135 | tcp | |
| TR | 5.47.123.38:135 | tcp | |
| TR | 5.47.123.39:135 | tcp | |
| TR | 5.47.123.40:135 | tcp | |
| TR | 5.47.123.41:135 | tcp | |
| TR | 5.47.123.42:135 | tcp | |
| TR | 5.47.123.43:135 | tcp | |
| TR | 5.47.123.44:135 | tcp | |
| US | 71.172.230.25:135 | tcp | |
| US | 71.172.230.26:135 | tcp | |
| US | 71.172.230.27:135 | tcp | |
| US | 71.172.230.28:135 | tcp | |
| US | 71.172.230.29:135 | tcp | |
| US | 71.172.230.30:135 | tcp | |
| US | 71.172.230.31:135 | tcp | |
| US | 71.172.230.32:135 | tcp | |
| US | 71.172.230.33:135 | tcp | |
| US | 71.172.230.34:135 | tcp | |
| US | 71.172.230.35:135 | tcp | |
| US | 71.172.230.36:135 | tcp | |
| US | 71.172.230.37:135 | tcp | |
| US | 71.172.230.38:135 | tcp | |
| US | 71.172.230.39:135 | tcp | |
| US | 71.172.230.40:135 | tcp | |
| US | 71.172.230.41:135 | tcp | |
| US | 71.172.230.42:135 | tcp | |
| US | 71.172.230.43:135 | tcp | |
| US | 71.172.230.44:135 | tcp | |
| TR | 5.47.123.45:135 | tcp | |
| TR | 5.47.123.46:135 | tcp | |
| TR | 5.47.123.47:135 | tcp | |
| TR | 5.47.123.48:135 | tcp | |
| TR | 5.47.123.49:135 | tcp | |
| TR | 5.47.123.50:135 | tcp | |
| TR | 5.47.123.51:135 | tcp | |
| TR | 5.47.123.52:135 | tcp | |
| TR | 5.47.123.53:135 | tcp | |
| TR | 5.47.123.54:135 | tcp | |
| TR | 5.47.123.55:135 | tcp | |
| TR | 5.47.123.56:135 | tcp | |
| TR | 5.47.123.57:135 | tcp | |
| TR | 5.47.123.58:135 | tcp | |
| TR | 5.47.123.59:135 | tcp | |
| TR | 5.47.123.60:135 | tcp | |
| TR | 5.47.123.61:135 | tcp | |
| TR | 5.47.123.62:135 | tcp | |
| TR | 5.47.123.63:135 | tcp | |
| TR | 5.47.123.64:135 | tcp | |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 71.172.230.45:135 | tcp | |
| US | 71.172.230.46:135 | tcp | |
| US | 71.172.230.47:135 | tcp | |
| US | 71.172.230.48:135 | tcp | |
| US | 71.172.230.49:135 | tcp | |
| US | 71.172.230.50:135 | tcp | |
| US | 71.172.230.51:135 | tcp | |
| US | 71.172.230.52:135 | tcp | |
| US | 71.172.230.53:135 | tcp | |
| US | 71.172.230.54:135 | tcp | |
| US | 71.172.230.55:135 | tcp | |
| US | 71.172.230.56:135 | tcp | |
| US | 71.172.230.57:135 | tcp | |
| US | 71.172.230.58:135 | tcp | |
| US | 71.172.230.59:135 | tcp | |
| US | 71.172.230.60:135 | tcp | |
| US | 71.172.230.61:135 | tcp | |
| US | 71.172.230.62:135 | tcp | |
| US | 71.172.230.63:135 | tcp | |
| US | 71.172.230.64:135 | tcp | |
| TR | 5.47.123.65:135 | tcp | |
| TR | 5.47.123.66:135 | tcp | |
| TR | 5.47.123.67:135 | tcp | |
| TR | 5.47.123.68:135 | tcp | |
| TR | 5.47.123.69:135 | tcp | |
| TR | 5.47.123.70:135 | tcp | |
| TR | 5.47.123.71:135 | tcp | |
| TR | 5.47.123.72:135 | tcp | |
| TR | 5.47.123.73:135 | tcp | |
| TR | 5.47.123.74:135 | tcp | |
| TR | 5.47.123.75:135 | tcp | |
| TR | 5.47.123.76:135 | tcp | |
| TR | 5.47.123.77:135 | tcp | |
| TR | 5.47.123.78:135 | tcp | |
| TR | 5.47.123.79:135 | tcp | |
| TR | 5.47.123.80:135 | tcp | |
| TR | 5.47.123.81:135 | tcp | |
| TR | 5.47.123.82:135 | tcp | |
| TR | 5.47.123.83:135 | tcp | |
| TR | 5.47.123.84:135 | tcp | |
| US | 71.172.230.65:135 | tcp | |
| US | 71.172.230.66:135 | tcp | |
| US | 71.172.230.67:135 | tcp | |
| US | 71.172.230.68:135 | tcp | |
| US | 71.172.230.69:135 | tcp | |
| US | 71.172.230.70:135 | tcp | |
| US | 71.172.230.71:135 | tcp | |
| US | 71.172.230.72:135 | tcp | |
| US | 71.172.230.73:135 | tcp | |
| US | 71.172.230.74:135 | tcp | |
| US | 71.172.230.75:135 | tcp | |
| US | 71.172.230.76:135 | tcp | |
| US | 71.172.230.77:135 | tcp | |
| US | 71.172.230.78:135 | tcp | |
| US | 71.172.230.79:135 | tcp | |
| US | 71.172.230.80:135 | tcp | |
| US | 71.172.230.81:135 | tcp | |
| US | 71.172.230.82:135 | tcp | |
| US | 71.172.230.83:135 | tcp | |
| US | 71.172.230.84:135 | tcp | |
| TR | 5.47.123.85:135 | tcp | |
| TR | 5.47.123.86:135 | tcp | |
| TR | 5.47.123.87:135 | tcp | |
| TR | 5.47.123.88:135 | tcp | |
| TR | 5.47.123.89:135 | tcp | |
| TR | 5.47.123.90:135 | tcp | |
| TR | 5.47.123.91:135 | tcp | |
| TR | 5.47.123.92:135 | tcp | |
| TR | 5.47.123.93:135 | tcp | |
| TR | 5.47.123.94:135 | tcp | |
| TR | 5.47.123.95:135 | tcp | |
| TR | 5.47.123.96:135 | tcp | |
| TR | 5.47.123.97:135 | tcp | |
| TR | 5.47.123.98:135 | tcp | |
| TR | 5.47.123.99:135 | tcp | |
| TR | 5.47.123.100:135 | tcp | |
| TR | 5.47.123.101:135 | tcp | |
| TR | 5.47.123.102:135 | tcp | |
| TR | 5.47.123.103:135 | tcp | |
| TR | 5.47.123.104:135 | tcp | |
| US | 71.172.230.85:135 | tcp | |
| US | 71.172.230.86:135 | tcp | |
| US | 71.172.230.87:135 | tcp | |
| US | 71.172.230.88:135 | tcp | |
| US | 71.172.230.89:135 | tcp | |
| US | 71.172.230.90:135 | tcp | |
| US | 71.172.230.91:135 | tcp | |
| US | 71.172.230.92:135 | tcp | |
| US | 71.172.230.93:135 | tcp | |
| US | 71.172.230.94:135 | tcp | |
| US | 71.172.230.95:135 | tcp | |
| US | 71.172.230.96:135 | tcp | |
| US | 71.172.230.97:135 | tcp | |
| US | 71.172.230.98:135 | tcp | |
| US | 71.172.230.99:135 | tcp | |
| US | 71.172.230.100:135 | tcp | |
| US | 71.172.230.101:135 | tcp | |
| US | 71.172.230.102:135 | tcp | |
| US | 71.172.230.103:135 | tcp | |
| US | 71.172.230.104:135 | tcp | |
| TR | 5.47.123.105:135 | tcp | |
| TR | 5.47.123.106:135 | tcp | |
| TR | 5.47.123.107:135 | tcp | |
| TR | 5.47.123.108:135 | tcp | |
| TR | 5.47.123.109:135 | tcp | |
| TR | 5.47.123.110:135 | tcp | |
| TR | 5.47.123.111:135 | tcp | |
| TR | 5.47.123.112:135 | tcp | |
| TR | 5.47.123.113:135 | tcp | |
| TR | 5.47.123.114:135 | tcp | |
| TR | 5.47.123.115:135 | tcp | |
| TR | 5.47.123.116:135 | tcp | |
| TR | 5.47.123.117:135 | tcp | |
| TR | 5.47.123.118:135 | tcp | |
| TR | 5.47.123.119:135 | tcp | |
| TR | 5.47.123.120:135 | tcp | |
| TR | 5.47.123.121:135 | tcp | |
| TR | 5.47.123.122:135 | tcp | |
| TR | 5.47.123.123:135 | tcp | |
| TR | 5.47.123.124:135 | tcp | |
| US | 3.134.125.175:19521 | 0.tcp.ngrok.io | tcp |
| US | 71.172.230.105:135 | tcp | |
| US | 71.172.230.106:135 | tcp | |
| US | 71.172.230.107:135 | tcp | |
| US | 71.172.230.108:135 | tcp | |
| US | 71.172.230.109:135 | tcp | |
| US | 71.172.230.110:135 | tcp | |
| US | 71.172.230.111:135 | tcp | |
| US | 71.172.230.112:135 | tcp | |
| US | 71.172.230.113:135 | tcp | |
| US | 71.172.230.114:135 | tcp | |
| US | 71.172.230.115:135 | tcp | |
| US | 71.172.230.116:135 | tcp | |
| US | 71.172.230.117:135 | tcp | |
| US | 71.172.230.118:135 | tcp | |
| US | 71.172.230.119:135 | tcp | |
| US | 71.172.230.120:135 | tcp | |
| US | 71.172.230.121:135 | tcp | |
| US | 71.172.230.122:135 | tcp | |
| US | 71.172.230.123:135 | tcp | |
| US | 71.172.230.124:135 | tcp | |
| TR | 5.47.123.125:135 | tcp | |
| TR | 5.47.123.126:135 | tcp | |
| TR | 5.47.123.127:135 | tcp | |
| TR | 5.47.123.128:135 | tcp | |
| TR | 5.47.123.129:135 | tcp | |
| TR | 5.47.123.130:135 | tcp | |
| TR | 5.47.123.131:135 | tcp | |
| TR | 5.47.123.132:135 | tcp | |
| TR | 5.47.123.133:135 | tcp | |
| TR | 5.47.123.134:135 | tcp | |
| TR | 5.47.123.135:135 | tcp | |
| TR | 5.47.123.136:135 | tcp | |
| TR | 5.47.123.137:135 | tcp | |
| TR | 5.47.123.138:135 | tcp | |
| TR | 5.47.123.139:135 | tcp | |
| TR | 5.47.123.140:135 | tcp | |
| TR | 5.47.123.141:135 | tcp | |
| TR | 5.47.123.142:135 | tcp | |
| TR | 5.47.123.143:135 | tcp | |
| TR | 5.47.123.144:135 | tcp | |
| US | 71.172.230.125:135 | tcp | |
| US | 71.172.230.126:135 | tcp | |
| US | 71.172.230.127:135 | tcp | |
| US | 71.172.230.128:135 | tcp | |
| US | 71.172.230.129:135 | tcp | |
| US | 71.172.230.130:135 | tcp | |
| US | 71.172.230.131:135 | tcp | |
| US | 71.172.230.132:135 | tcp | |
| US | 71.172.230.133:135 | tcp | |
| US | 71.172.230.134:135 | tcp | |
| US | 71.172.230.135:135 | tcp | |
| US | 71.172.230.136:135 | tcp | |
| US | 71.172.230.137:135 | tcp | |
| US | 71.172.230.138:135 | tcp | |
| US | 71.172.230.139:135 | tcp | |
| US | 71.172.230.140:135 | tcp | |
| US | 71.172.230.141:135 | tcp | |
| US | 71.172.230.142:135 | tcp | |
| US | 71.172.230.143:135 | tcp | |
| US | 71.172.230.144:135 | tcp | |
| TR | 5.47.123.145:135 | tcp | |
| TR | 5.47.123.146:135 | tcp | |
| TR | 5.47.123.147:135 | tcp | |
| TR | 5.47.123.148:135 | tcp | |
| TR | 5.47.123.149:135 | tcp | |
| TR | 5.47.123.150:135 | tcp | |
| TR | 5.47.123.151:135 | tcp | |
| TR | 5.47.123.152:135 | tcp | |
| TR | 5.47.123.153:135 | tcp | |
| TR | 5.47.123.154:135 | tcp | |
| TR | 5.47.123.155:135 | tcp | |
| TR | 5.47.123.156:135 | tcp | |
| TR | 5.47.123.157:135 | tcp | |
| TR | 5.47.123.158:135 | tcp | |
| TR | 5.47.123.159:135 | tcp | |
| TR | 5.47.123.160:135 | tcp | |
| TR | 5.47.123.161:135 | tcp | |
| TR | 5.47.123.162:135 | tcp | |
| TR | 5.47.123.163:135 | tcp | |
| TR | 5.47.123.164:135 | tcp | |
| US | 71.172.230.145:135 | tcp | |
| US | 71.172.230.146:135 | tcp | |
| US | 71.172.230.147:135 | tcp | |
| US | 71.172.230.148:135 | tcp | |
| US | 71.172.230.149:135 | tcp | |
| US | 71.172.230.150:135 | tcp | |
| US | 71.172.230.151:135 | tcp | |
| US | 71.172.230.152:135 | tcp | |
| US | 71.172.230.153:135 | tcp | |
| US | 71.172.230.154:135 | tcp | |
| US | 71.172.230.155:135 | tcp | |
| US | 71.172.230.156:135 | tcp | |
| US | 71.172.230.157:135 | tcp | |
| US | 71.172.230.158:135 | tcp | |
| US | 71.172.230.159:135 | tcp | |
| US | 71.172.230.160:135 | tcp | |
| US | 71.172.230.161:135 | tcp | |
| US | 71.172.230.162:135 | tcp | |
| US | 71.172.230.163:135 | tcp | |
| US | 71.172.230.164:135 | tcp | |
| TR | 5.47.123.165:135 | tcp | |
| TR | 5.47.123.166:135 | tcp | |
| TR | 5.47.123.167:135 | tcp | |
| TR | 5.47.123.168:135 | tcp | |
| TR | 5.47.123.169:135 | tcp | |
| TR | 5.47.123.170:135 | tcp | |
| TR | 5.47.123.171:135 | tcp | |
| TR | 5.47.123.172:135 | tcp | |
| TR | 5.47.123.173:135 | tcp | |
| TR | 5.47.123.174:135 | tcp | |
| TR | 5.47.123.175:135 | tcp | |
| TR | 5.47.123.176:135 | tcp | |
| TR | 5.47.123.177:135 | tcp | |
| TR | 5.47.123.178:135 | tcp | |
| TR | 5.47.123.179:135 | tcp | |
| TR | 5.47.123.180:135 | tcp | |
| TR | 5.47.123.181:135 | tcp | |
| TR | 5.47.123.182:135 | tcp | |
| TR | 5.47.123.183:135 | tcp | |
| TR | 5.47.123.184:135 | tcp | |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.13.191.225:19521 | 0.tcp.ngrok.io | tcp |
| US | 71.172.230.165:135 | tcp | |
| US | 71.172.230.166:135 | tcp | |
| US | 71.172.230.167:135 | tcp | |
| US | 71.172.230.168:135 | tcp | |
| US | 71.172.230.169:135 | tcp | |
| US | 71.172.230.170:135 | tcp | |
| US | 71.172.230.171:135 | tcp | |
| US | 71.172.230.172:135 | tcp | |
| US | 71.172.230.173:135 | tcp | |
| US | 71.172.230.174:135 | tcp | |
| US | 71.172.230.175:135 | tcp | |
| US | 71.172.230.176:135 | tcp | |
| US | 71.172.230.177:135 | tcp | |
| US | 71.172.230.178:135 | tcp | |
| US | 71.172.230.179:135 | tcp | |
| US | 71.172.230.180:135 | tcp | |
| US | 71.172.230.181:135 | tcp | |
| US | 71.172.230.182:135 | tcp | |
| US | 71.172.230.183:135 | tcp | |
| US | 71.172.230.184:135 | tcp | |
| TR | 5.47.123.185:135 | tcp | |
| TR | 5.47.123.186:135 | tcp | |
| TR | 5.47.123.187:135 | tcp | |
| TR | 5.47.123.188:135 | tcp | |
| TR | 5.47.123.189:135 | tcp | |
| TR | 5.47.123.190:135 | tcp | |
| TR | 5.47.123.191:135 | tcp | |
| TR | 5.47.123.192:135 | tcp | |
| TR | 5.47.123.193:135 | tcp | |
| TR | 5.47.123.194:135 | tcp | |
| TR | 5.47.123.195:135 | tcp | |
| TR | 5.47.123.196:135 | tcp | |
| TR | 5.47.123.197:135 | tcp | |
| TR | 5.47.123.198:135 | tcp | |
| TR | 5.47.123.199:135 | tcp | |
| TR | 5.47.123.200:135 | tcp | |
| TR | 5.47.123.201:135 | tcp | |
| TR | 5.47.123.202:135 | tcp | |
| TR | 5.47.123.203:135 | tcp | |
| TR | 5.47.123.204:135 | tcp | |
| US | 71.172.230.185:135 | tcp | |
| US | 71.172.230.186:135 | tcp | |
| US | 71.172.230.187:135 | tcp | |
| US | 71.172.230.188:135 | tcp | |
| US | 71.172.230.189:135 | tcp | |
| US | 71.172.230.190:135 | tcp | |
| US | 71.172.230.191:135 | tcp | |
| US | 71.172.230.192:135 | tcp | |
| US | 71.172.230.193:135 | tcp | |
| US | 71.172.230.194:135 | tcp | |
| US | 71.172.230.195:135 | tcp | |
| US | 71.172.230.196:135 | tcp | |
| US | 71.172.230.197:135 | tcp | |
| US | 71.172.230.198:135 | tcp | |
| US | 71.172.230.199:135 | tcp | |
| US | 71.172.230.200:135 | tcp | |
| US | 71.172.230.201:135 | tcp | |
| US | 71.172.230.202:135 | tcp | |
| US | 71.172.230.203:135 | tcp | |
| US | 71.172.230.204:135 | tcp | |
| TR | 5.47.123.205:135 | tcp | |
| TR | 5.47.123.206:135 | tcp | |
| TR | 5.47.123.207:135 | tcp | |
| TR | 5.47.123.208:135 | tcp | |
| TR | 5.47.123.209:135 | tcp | |
| TR | 5.47.123.210:135 | tcp | |
| TR | 5.47.123.211:135 | tcp | |
| TR | 5.47.123.212:135 | tcp | |
| TR | 5.47.123.213:135 | tcp | |
| TR | 5.47.123.214:135 | tcp | |
| TR | 5.47.123.215:135 | tcp | |
| TR | 5.47.123.216:135 | tcp | |
| TR | 5.47.123.217:135 | tcp | |
| TR | 5.47.123.218:135 | tcp | |
| TR | 5.47.123.219:135 | tcp | |
| TR | 5.47.123.220:135 | tcp | |
| TR | 5.47.123.221:135 | tcp | |
| TR | 5.47.123.222:135 | tcp | |
| TR | 5.47.123.223:135 | tcp | |
| TR | 5.47.123.224:135 | tcp | |
| US | 71.172.230.205:135 | tcp | |
| US | 71.172.230.206:135 | tcp | |
| US | 71.172.230.207:135 | tcp | |
| US | 71.172.230.208:135 | tcp | |
| US | 71.172.230.209:135 | tcp | |
| US | 71.172.230.210:135 | tcp | |
| US | 71.172.230.211:135 | tcp | |
| US | 71.172.230.212:135 | tcp | |
| US | 71.172.230.213:135 | tcp | |
| US | 71.172.230.214:135 | tcp | |
| US | 71.172.230.215:135 | tcp | |
| US | 71.172.230.216:135 | tcp | |
| US | 71.172.230.217:135 | tcp | |
| US | 71.172.230.218:135 | tcp | |
| US | 71.172.230.219:135 | tcp | |
| US | 71.172.230.220:135 | tcp | |
| US | 71.172.230.221:135 | tcp | |
| US | 71.172.230.222:135 | tcp | |
| US | 71.172.230.223:135 | tcp | |
| US | 71.172.230.224:135 | tcp | |
| TR | 5.47.123.225:135 | tcp | |
| TR | 5.47.123.226:135 | tcp | |
| TR | 5.47.123.227:135 | tcp | |
| TR | 5.47.123.228:135 | tcp | |
| TR | 5.47.123.229:135 | tcp | |
| TR | 5.47.123.230:135 | tcp | |
| TR | 5.47.123.231:135 | tcp | |
| TR | 5.47.123.232:135 | tcp | |
| TR | 5.47.123.233:135 | tcp | |
| TR | 5.47.123.234:135 | tcp | |
| TR | 5.47.123.235:135 | tcp | |
| TR | 5.47.123.236:135 | tcp | |
| TR | 5.47.123.237:135 | tcp | |
| TR | 5.47.123.238:135 | tcp | |
| TR | 5.47.123.239:135 | tcp | |
| TR | 5.47.123.240:135 | tcp | |
| TR | 5.47.123.241:135 | tcp | |
| TR | 5.47.123.242:135 | tcp | |
| TR | 5.47.123.243:135 | tcp | |
| TR | 5.47.123.244:135 | tcp | |
| US | 3.13.191.225:19521 | 0.tcp.ngrok.io | tcp |
| US | 71.172.230.225:135 | tcp | |
| US | 71.172.230.226:135 | tcp | |
| US | 71.172.230.227:135 | tcp | |
| US | 71.172.230.228:135 | tcp | |
| US | 71.172.230.229:135 | tcp | |
| US | 71.172.230.230:135 | tcp | |
| US | 71.172.230.231:135 | tcp | |
| US | 71.172.230.232:135 | tcp | |
| US | 71.172.230.233:135 | tcp | |
| US | 71.172.230.234:135 | tcp | |
| US | 71.172.230.235:135 | tcp | |
| US | 71.172.230.236:135 | tcp | |
| US | 71.172.230.237:135 | tcp | |
| US | 71.172.230.238:135 | tcp | |
| US | 71.172.230.239:135 | tcp | |
| US | 71.172.230.240:135 | tcp | |
| US | 71.172.230.241:135 | tcp | |
| US | 71.172.230.242:135 | tcp | |
| US | 71.172.230.243:135 | tcp | |
| US | 71.172.230.244:135 | tcp | |
| TR | 5.47.123.245:135 | tcp | |
| TR | 5.47.123.246:135 | tcp | |
| TR | 5.47.123.247:135 | tcp | |
| TR | 5.47.123.248:135 | tcp | |
| TR | 5.47.123.249:135 | tcp | |
| TR | 5.47.123.250:135 | tcp | |
| TR | 5.47.123.251:135 | tcp | |
| TR | 5.47.123.252:135 | tcp | |
| TR | 5.47.123.253:135 | tcp | |
| TR | 5.47.123.254:135 | tcp | |
| TR | 5.47.123.255:135 | tcp | |
| TR | 5.47.124.0:135 | tcp | |
| TR | 5.47.124.1:135 | tcp | |
| TR | 5.47.124.2:135 | tcp | |
| TR | 5.47.124.3:135 | tcp | |
| TR | 5.47.124.4:135 | tcp | |
| TR | 5.47.124.5:135 | tcp | |
| TR | 5.47.124.6:135 | tcp | |
| TR | 5.47.124.7:135 | tcp | |
| TR | 5.47.124.8:135 | tcp | |
| US | 71.172.230.245:135 | tcp | |
| US | 71.172.230.246:135 | tcp | |
| US | 71.172.230.247:135 | tcp | |
| US | 71.172.230.248:135 | tcp | |
| US | 71.172.230.249:135 | tcp | |
| US | 71.172.230.250:135 | tcp | |
| US | 71.172.230.251:135 | tcp | |
| US | 71.172.230.252:135 | tcp | |
| US | 71.172.230.253:135 | tcp | |
| US | 71.172.230.254:135 | tcp | |
| US | 71.172.230.255:135 | tcp | |
| US | 71.172.231.0:135 | tcp | |
| US | 71.172.231.1:135 | tcp | |
| US | 71.172.231.2:135 | tcp | |
| US | 71.172.231.3:135 | tcp | |
| US | 71.172.231.4:135 | tcp | |
| US | 71.172.231.5:135 | tcp | |
| US | 71.172.231.6:135 | tcp | |
| US | 71.172.231.7:135 | tcp | |
| US | 71.172.231.8:135 | tcp | |
| TR | 5.47.124.9:135 | tcp | |
| TR | 5.47.124.10:135 | tcp | |
| TR | 5.47.124.11:135 | tcp | |
| TR | 5.47.124.12:135 | tcp | |
| TR | 5.47.124.13:135 | tcp | |
| TR | 5.47.124.14:135 | tcp | |
| TR | 5.47.124.15:135 | tcp | |
| TR | 5.47.124.16:135 | tcp | |
| TR | 5.47.124.17:135 | tcp | |
| TR | 5.47.124.18:135 | tcp | |
| TR | 5.47.124.19:135 | tcp | |
| TR | 5.47.124.20:135 | tcp | |
| TR | 5.47.124.21:135 | tcp | |
| TR | 5.47.124.22:135 | tcp | |
| TR | 5.47.124.23:135 | tcp | |
| TR | 5.47.124.24:135 | tcp | |
| TR | 5.47.124.25:135 | tcp | |
| TR | 5.47.124.26:135 | tcp | |
| TR | 5.47.124.27:135 | tcp | |
| TR | 5.47.124.28:135 | tcp | |
| US | 71.172.231.9:135 | tcp | |
| US | 71.172.231.10:135 | tcp | |
| US | 71.172.231.11:135 | tcp | |
| US | 71.172.231.12:135 | tcp | |
| US | 71.172.231.13:135 | tcp | |
| US | 71.172.231.14:135 | tcp | |
| US | 71.172.231.15:135 | tcp | |
| US | 71.172.231.16:135 | tcp | |
| US | 71.172.231.17:135 | tcp | |
| US | 71.172.231.18:135 | tcp | |
| US | 71.172.231.19:135 | tcp | |
| US | 71.172.231.20:135 | tcp | |
| US | 71.172.231.21:135 | tcp | |
| US | 71.172.231.22:135 | tcp | |
| US | 71.172.231.23:135 | tcp | |
| US | 71.172.231.24:135 | tcp | |
| US | 71.172.231.25:135 | tcp | |
| US | 71.172.231.26:135 | tcp | |
| US | 71.172.231.27:135 | tcp | |
| US | 71.172.231.28:135 | tcp | |
| TR | 5.47.124.29:135 | tcp | |
| TR | 5.47.124.30:135 | tcp | |
| TR | 5.47.124.31:135 | tcp | |
| TR | 5.47.124.32:135 | tcp | |
| TR | 5.47.124.33:135 | tcp | |
| TR | 5.47.124.34:135 | tcp | |
| TR | 5.47.124.35:135 | tcp | |
| TR | 5.47.124.36:135 | tcp | |
| TR | 5.47.124.37:135 | tcp | |
| TR | 5.47.124.38:135 | tcp | |
| TR | 5.47.124.39:135 | tcp | |
| TR | 5.47.124.40:135 | tcp | |
| TR | 5.47.124.41:135 | tcp | |
| TR | 5.47.124.42:135 | tcp | |
| TR | 5.47.124.43:135 | tcp | |
| TR | 5.47.124.44:135 | tcp | |
| TR | 5.47.124.45:135 | tcp | |
| TR | 5.47.124.46:135 | tcp | |
| TR | 5.47.124.47:135 | tcp | |
| TR | 5.47.124.48:135 | tcp | |
| US | 3.13.191.225:19521 | 0.tcp.ngrok.io | tcp |
| US | 71.172.231.29:135 | tcp | |
| US | 71.172.231.30:135 | tcp | |
| US | 71.172.231.31:135 | tcp | |
| US | 71.172.231.32:135 | tcp | |
| US | 71.172.231.33:135 | tcp | |
| US | 71.172.231.34:135 | tcp | |
| US | 71.172.231.35:135 | tcp | |
| US | 71.172.231.36:135 | tcp | |
| US | 71.172.231.37:135 | tcp | |
| US | 71.172.231.38:135 | tcp | |
| US | 71.172.231.39:135 | tcp | |
| US | 71.172.231.40:135 | tcp | |
| US | 71.172.231.41:135 | tcp | |
| US | 71.172.231.42:135 | tcp | |
| US | 71.172.231.43:135 | tcp | |
| US | 71.172.231.44:135 | tcp | |
| US | 71.172.231.45:135 | tcp | |
| US | 71.172.231.46:135 | tcp | |
| US | 71.172.231.47:135 | tcp | |
| US | 71.172.231.48:135 | tcp | |
| TR | 5.47.124.49:135 | tcp | |
| TR | 5.47.124.50:135 | tcp | |
| TR | 5.47.124.51:135 | tcp | |
| TR | 5.47.124.52:135 | tcp | |
| TR | 5.47.124.53:135 | tcp | |
| TR | 5.47.124.54:135 | tcp | |
| TR | 5.47.124.55:135 | tcp | |
| TR | 5.47.124.56:135 | tcp | |
| TR | 5.47.124.57:135 | tcp | |
| TR | 5.47.124.58:135 | tcp | |
| TR | 5.47.124.59:135 | tcp | |
| TR | 5.47.124.60:135 | tcp | |
| TR | 5.47.124.61:135 | tcp | |
| TR | 5.47.124.62:135 | tcp | |
| TR | 5.47.124.63:135 | tcp | |
| TR | 5.47.124.64:135 | tcp | |
| TR | 5.47.124.65:135 | tcp | |
| TR | 5.47.124.66:135 | tcp | |
| TR | 5.47.124.67:135 | tcp | |
| TR | 5.47.124.68:135 | tcp | |
| US | 71.172.231.49:135 | tcp | |
| US | 71.172.231.50:135 | tcp | |
| US | 71.172.231.51:135 | tcp | |
| US | 71.172.231.52:135 | tcp | |
| US | 71.172.231.53:135 | tcp | |
| US | 71.172.231.54:135 | tcp | |
| US | 71.172.231.55:135 | tcp | |
| US | 71.172.231.56:135 | tcp | |
| US | 71.172.231.57:135 | tcp | |
| US | 71.172.231.58:135 | tcp | |
| US | 71.172.231.59:135 | tcp | |
| US | 71.172.231.60:135 | tcp | |
| US | 71.172.231.61:135 | tcp | |
| US | 71.172.231.62:135 | tcp | |
| US | 71.172.231.63:135 | tcp | |
| US | 71.172.231.64:135 | tcp | |
| US | 71.172.231.65:135 | tcp | |
| US | 71.172.231.66:135 | tcp | |
| US | 71.172.231.67:135 | tcp | |
| US | 71.172.231.68:135 | tcp | |
| TR | 5.47.124.69:135 | tcp | |
| TR | 5.47.124.70:135 | tcp | |
| TR | 5.47.124.71:135 | tcp | |
| TR | 5.47.124.72:135 | tcp | |
| TR | 5.47.124.73:135 | tcp | |
| TR | 5.47.124.74:135 | tcp | |
| TR | 5.47.124.75:135 | tcp | |
| TR | 5.47.124.76:135 | tcp | |
| TR | 5.47.124.77:135 | tcp | |
| TR | 5.47.124.78:135 | tcp | |
| TR | 5.47.124.79:135 | tcp | |
| TR | 5.47.124.80:135 | tcp | |
| TR | 5.47.124.81:135 | tcp | |
| TR | 5.47.124.82:135 | tcp | |
| TR | 5.47.124.83:135 | tcp | |
| TR | 5.47.124.84:135 | tcp | |
| TR | 5.47.124.85:135 | tcp | |
| TR | 5.47.124.86:135 | tcp | |
| TR | 5.47.124.87:135 | tcp | |
| TR | 5.47.124.88:135 | tcp | |
| US | 71.172.231.69:135 | tcp | |
| US | 71.172.231.70:135 | tcp | |
| US | 71.172.231.71:135 | tcp | |
| US | 71.172.231.72:135 | tcp | |
| US | 71.172.231.73:135 | tcp | |
| US | 71.172.231.74:135 | tcp | |
| US | 71.172.231.75:135 | tcp | |
| US | 71.172.231.76:135 | tcp | |
| US | 71.172.231.77:135 | tcp | |
| US | 71.172.231.78:135 | tcp | |
| US | 71.172.231.79:135 | tcp | |
| US | 71.172.231.80:135 | tcp | |
| US | 71.172.231.81:135 | tcp | |
| US | 71.172.231.82:135 | tcp | |
| US | 71.172.231.83:135 | tcp | |
| US | 71.172.231.84:135 | tcp | |
| US | 71.172.231.85:135 | tcp | |
| US | 71.172.231.86:135 | tcp | |
| US | 71.172.231.87:135 | tcp | |
| US | 71.172.231.88:135 | tcp | |
| TR | 5.47.124.89:135 | tcp | |
| TR | 5.47.124.90:135 | tcp | |
| TR | 5.47.124.91:135 | tcp | |
| TR | 5.47.124.92:135 | tcp | |
| TR | 5.47.124.93:135 | tcp | |
| TR | 5.47.124.94:135 | tcp | |
| TR | 5.47.124.95:135 | tcp | |
| TR | 5.47.124.96:135 | tcp | |
| TR | 5.47.124.97:135 | tcp | |
| TR | 5.47.124.98:135 | tcp | |
| TR | 5.47.124.99:135 | tcp | |
| TR | 5.47.124.100:135 | tcp | |
| TR | 5.47.124.101:135 | tcp | |
| TR | 5.47.124.102:135 | tcp | |
| TR | 5.47.124.103:135 | tcp | |
| TR | 5.47.124.104:135 | tcp | |
| TR | 5.47.124.105:135 | tcp | |
| TR | 5.47.124.106:135 | tcp | |
| TR | 5.47.124.107:135 | tcp | |
| TR | 5.47.124.108:135 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 71.172.231.89:135 | tcp | |
| US | 71.172.231.90:135 | tcp | |
| US | 71.172.231.91:135 | tcp | |
| US | 71.172.231.92:135 | tcp | |
| US | 71.172.231.93:135 | tcp | |
| US | 71.172.231.94:135 | tcp | |
| US | 71.172.231.95:135 | tcp | |
| US | 71.172.231.96:135 | tcp | |
| US | 71.172.231.97:135 | tcp | |
| US | 71.172.231.98:135 | tcp | |
| US | 71.172.231.99:135 | tcp | |
| US | 71.172.231.100:135 | tcp | |
| US | 71.172.231.101:135 | tcp | |
| US | 71.172.231.102:135 | tcp | |
| US | 71.172.231.103:135 | tcp | |
| US | 71.172.231.104:135 | tcp | |
| US | 71.172.231.105:135 | tcp | |
| US | 71.172.231.106:135 | tcp | |
| US | 71.172.231.107:135 | tcp | |
| US | 71.172.231.108:135 | tcp | |
| TR | 5.47.124.109:135 | tcp | |
| TR | 5.47.124.110:135 | tcp | |
| TR | 5.47.124.111:135 | tcp | |
| TR | 5.47.124.112:135 | tcp | |
| TR | 5.47.124.113:135 | tcp | |
| TR | 5.47.124.114:135 | tcp | |
| TR | 5.47.124.115:135 | tcp | |
| TR | 5.47.124.116:135 | tcp | |
| TR | 5.47.124.117:135 | tcp | |
| TR | 5.47.124.118:135 | tcp | |
| TR | 5.47.124.119:135 | tcp | |
| TR | 5.47.124.120:135 | tcp | |
| TR | 5.47.124.121:135 | tcp | |
| TR | 5.47.124.122:135 | tcp | |
| TR | 5.47.124.123:135 | tcp | |
| TR | 5.47.124.124:135 | tcp | |
| TR | 5.47.124.125:135 | tcp | |
| TR | 5.47.124.126:135 | tcp | |
| TR | 5.47.124.127:135 | tcp | |
| TR | 5.47.124.128:135 | tcp | |
| US | 71.172.231.109:135 | tcp | |
| US | 71.172.231.110:135 | tcp | |
| US | 71.172.231.111:135 | tcp | |
| US | 71.172.231.112:135 | tcp | |
| US | 71.172.231.113:135 | tcp | |
| US | 71.172.231.114:135 | tcp | |
| US | 71.172.231.115:135 | tcp | |
| US | 71.172.231.116:135 | tcp | |
| US | 71.172.231.117:135 | tcp | |
| US | 71.172.231.118:135 | tcp | |
| US | 71.172.231.119:135 | tcp | |
| US | 71.172.231.120:135 | tcp | |
| US | 71.172.231.121:135 | tcp | |
| US | 71.172.231.122:135 | tcp | |
| US | 71.172.231.123:135 | tcp | |
| US | 71.172.231.124:135 | tcp | |
| US | 71.172.231.125:135 | tcp | |
| US | 71.172.231.126:135 | tcp | |
| US | 71.172.231.127:135 | tcp | |
| US | 71.172.231.128:135 | tcp | |
| TR | 5.47.124.129:135 | tcp | |
| TR | 5.47.124.130:135 | tcp | |
| TR | 5.47.124.131:135 | tcp | |
| TR | 5.47.124.132:135 | tcp | |
| TR | 5.47.124.133:135 | tcp | |
| TR | 5.47.124.134:135 | tcp | |
| TR | 5.47.124.135:135 | tcp | |
| TR | 5.47.124.136:135 | tcp | |
| TR | 5.47.124.137:135 | tcp | |
| TR | 5.47.124.138:135 | tcp | |
| TR | 5.47.124.139:135 | tcp | |
| TR | 5.47.124.140:135 | tcp | |
| TR | 5.47.124.141:135 | tcp | |
| TR | 5.47.124.142:135 | tcp | |
| TR | 5.47.124.143:135 | tcp | |
| TR | 5.47.124.144:135 | tcp | |
| TR | 5.47.124.145:135 | tcp | |
| TR | 5.47.124.146:135 | tcp | |
| TR | 5.47.124.147:135 | tcp | |
| TR | 5.47.124.148:135 | tcp | |
| US | 71.172.231.129:135 | tcp | |
| US | 71.172.231.130:135 | tcp | |
| US | 71.172.231.131:135 | tcp | |
| US | 71.172.231.132:135 | tcp | |
| US | 71.172.231.133:135 | tcp | |
| US | 71.172.231.134:135 | tcp | |
| US | 71.172.231.135:135 | tcp | |
| US | 71.172.231.136:135 | tcp | |
| US | 71.172.231.137:135 | tcp | |
| US | 71.172.231.138:135 | tcp | |
| US | 71.172.231.139:135 | tcp | |
| US | 71.172.231.140:135 | tcp | |
| US | 71.172.231.141:135 | tcp | |
| US | 71.172.231.142:135 | tcp | |
| US | 71.172.231.143:135 | tcp | |
| US | 71.172.231.144:135 | tcp | |
| US | 71.172.231.145:135 | tcp | |
| US | 71.172.231.146:135 | tcp | |
| US | 71.172.231.147:135 | tcp | |
| US | 71.172.231.148:135 | tcp | |
| TR | 5.47.124.149:135 | tcp | |
| TR | 5.47.124.150:135 | tcp | |
| TR | 5.47.124.151:135 | tcp | |
| TR | 5.47.124.152:135 | tcp | |
| TR | 5.47.124.153:135 | tcp | |
| TR | 5.47.124.154:135 | tcp | |
| TR | 5.47.124.155:135 | tcp | |
| TR | 5.47.124.156:135 | tcp | |
| TR | 5.47.124.157:135 | tcp | |
| TR | 5.47.124.158:135 | tcp | |
| TR | 5.47.124.159:135 | tcp | |
| TR | 5.47.124.160:135 | tcp | |
| TR | 5.47.124.161:135 | tcp | |
| TR | 5.47.124.162:135 | tcp | |
| TR | 5.47.124.163:135 | tcp | |
| TR | 5.47.124.164:135 | tcp | |
| TR | 5.47.124.165:135 | tcp | |
| TR | 5.47.124.166:135 | tcp | |
| TR | 5.47.124.167:135 | tcp | |
| TR | 5.47.124.168:135 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a15dea0d79ea8ba114ad8141d7d10563 |
| SHA1 | 9b730b2d809d4adef7e8b68660a05ac95b5b8478 |
| SHA256 | 0c4dd77399040b8c38d41b77137861002ef209c79b486f7bbdb57b5834cd8dbf |
| SHA512 | 810fc1fb12bceae4ca3fad2a277682c2c56f0af91a329048adbeb433715b1f707927274e3e4a4479222f578e8218663533440c71b22c49735a290f907cc0af1f |
\??\pipe\LOCAL\crashpad_4016_NHTHGICSYZELMIAQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 506e03d65052f54028056da258af8ae6 |
| SHA1 | c960e67d09834d528e12e062302a97c26e317d0e |
| SHA256 | b26d2695dfe8aed4d0d67d11b46d4542c3c9c8964533404dfe32ce7a3e6cfb98 |
| SHA512 | 15da55267433c41febebbe48983023293c6d436f89a56138cef1cea7deb5cdd7d4bcf58af12835e1152a8ec59e08cfc965e521eb54eed47fe44e1f4c2d1557a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 10a509c28456995fe212acc47a54892e |
| SHA1 | 7a3eaa8d0088b017547ba25812d29030d7f9baf8 |
| SHA256 | a63bbbce42914f5c4c66b37fd2b895faf25d549f818fd1214ae1e9b88e27d7a3 |
| SHA512 | 5f7de94381c6731d020c7ec6831d945295b4febdd0b671a79649c3af86ac6e28b4ce9e595fc7e2917c0e337dd4c12e13645320048b7d130a8e6cad5a3a5c35f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4769f9c48cef25119a1832fdb6e18a7c |
| SHA1 | d2f5e9576e50990fcc68d10c6bc545b22eed4dad |
| SHA256 | 27abc87def51665ff325873b1a36c219328d32c70ac8e855a510ac0e6f44bd2f |
| SHA512 | 3d8816c5c2ed468a900a4cc3cadb3728ef5c2444f60dc908537010d4ed9f58ddcd24fd76401fcd53bead6421b83fc17668043cc4f9c8c0268ac403f15bc5cdf8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 17b3badd8eecfbc98ad2c152e1d87ca9 |
| SHA1 | eb5251fca1729201e1ec94d1255646ddd09b866e |
| SHA256 | 87187ddeef6579e79d35a739410f2dd53bfec23ec04f7da9c3f1281259bd3af2 |
| SHA512 | 16a501910113cf8bf2fb1a40e548fcb6b5f1dbf79284b286972cea3daf284c8cfc1a250fcdb832e98d87dd7ddcd8ba4354e09c13cfd849b4a2186faa7d254806 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1538330f34d422aab2f87b6997836b0c |
| SHA1 | 8a3c8c7d42c6a875e84a81f81f8267be15d2c2ff |
| SHA256 | 0159ee86ee7cb820a18fe86a82c43114bd3cb0235cbe1c0318cb59d392dab022 |
| SHA512 | b1f0b98a61ad363f0167ea6094df52244a5e953efeb04cb422d2cbd27307d614713ea8deb68146098090df6beadb595a89c11a764dfe4a14940d37ab6efa88ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2785db358edfe12c2297165df27bfcb2 |
| SHA1 | 6364e43c0ef7caa659c69aa2398d4df26a120c25 |
| SHA256 | 96ad17cfb10d42ed556c465c7bbc73cd609744a98b93e043ccc08469ac79d6fc |
| SHA512 | 3d11e46a92c7fa7e6287bcff429d0653e3f400ccfd413b37d81db8eb69a649cf489bf7fd8d0cff23cb001b2da7b6c88bcbc232ab355fd4b364d028a579676e91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b55ec.TMP
| MD5 | 1e1e1da3f3f167aba7cec9c8e1a031c8 |
| SHA1 | c5ce2cf7f7ed8401313c41de79b037abd40bf200 |
| SHA256 | 4aa282386ecf6aa65e50ba22f8b56324cd00348e832aea9411309fe60309aea0 |
| SHA512 | 3b3bdda49246f7990a1e531487ac2d9a72184ac48f2a4ad79253d27a5a5143a276774d2634fd21105879b86b1829db5eea3562b65e25a9d24afb750f87b6d744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 01ec8e93728dbe6ec5f67cf2b61bc95f |
| SHA1 | 0eb956ddfccbc969f048cbd496d1c8b7470e84ea |
| SHA256 | 0de9b1654c748b6f15f3cc1510de672985266a3a637d1a2935f1c65b577463a4 |
| SHA512 | 9053897b4e70cde9fc3ecc784619b0483548792f17d1b05de1529775c5dd5ba9924faa0ec31af79497684f36cda57c5c2f36882f4d8d462627dbc3b206549bfb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 46578d85d9150aee40cbcfaa21e12d55 |
| SHA1 | 0c43c2846c013b9b66f8e6bdd05964b335bd8b9f |
| SHA256 | c1e6b65b2a952e8b9cbbe977e3c4c75743fc4e7807ace97c203f96406c23911d |
| SHA512 | 9c007af44aa1a36babaf18d87a39e8b2b9282af4b9898c8d86bff7ae831fc7716977c59eb1243b69339021fb1e94c42cdf62a65d9619d10b4f244dd12cd035a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
| MD5 | 2a8a0496c0022a0e67d77d3446340499 |
| SHA1 | ed76b29d574b4dbfa9e5dd3e21147148a310258e |
| SHA256 | f348937ab6c6d9835af1f55e3f1d3c51197dc1c071630611ebc6d44834fc44e9 |
| SHA512 | d3767a8eafe019a15c2142d1160271ecc62f6e7d5623c0ae5fade269c8c9cf7de3b80678ed64bb9546bcf4d80fa66e11cacd19f2a7e295a6fec2a64ec8068c5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
| MD5 | 1d9097f6fd8365c7ed19f621246587eb |
| SHA1 | 937676f80fd908adc63adb3deb7d0bf4b64ad30e |
| SHA256 | a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf |
| SHA512 | 251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
| MD5 | 74c0a9aceda2547c4b5554c0425b17ba |
| SHA1 | d5d2355e5919dcf704192787f4b2fbb63b649b0f |
| SHA256 | 3b9e3adb939801b9ada1ce67afc7decef4538c016c78113697b89a35a295dd8d |
| SHA512 | e178dce4a59cf184bcca3523e687092f4edc2a3c7af4eddf1ca1965ca06347eadf8901f851260264c14fa052331b2d1aeef2a6b9048b87758617285c9650b479 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5da7005b3113ea74c6a769bac624abc4 |
| SHA1 | fcd1ffc59f0091e03da373bd0bfd8a3ad77b83b2 |
| SHA256 | 55d2f000fb62cd78877dcbe4d5ee28650b224980d80c719cc9ed2a43dbea97cc |
| SHA512 | dfdb64f76035fd693ab1cdd83a71ce58799ea89900f75532b1620dd3cabb399ecafc5dae768cbbe5068820a39b28281115d27f1d300a3a48b2290efdd6d8cabf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 53b0eb0dd2d887115e3f336ba3d8c146 |
| SHA1 | 027117960ced8e5a710143dbd69d09234bc2ffc2 |
| SHA256 | a60af278e3d34f9e09bb35789b82d3d4209ebe933973db19d0a55490400d6112 |
| SHA512 | 6befe8785f46e57eaa78217c4f0a0c83b27c61b9cbd7d8bfa1f320426ff4836a1a8aa8c9b475daa1abca48223f6c174722c9b0895ed5ab7d76b363dfbfe8656b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7d2949538d2b228937f65ae152ac44ad |
| SHA1 | 0b9684bcffa3ae4803ac6d03125d7778b44866c7 |
| SHA256 | ad03c2a7c4f41b4874529f64b6743408a5151480cdd0b4e11e97f2d9d02ada0d |
| SHA512 | d299045c29ad661d908bbfbfaac7dfe708d1ded218a679b18239bb3aff2c2e16c56f09a3e5891468fe67a247964b6c5fc74fc9f097651e565e4d79cd042d35ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a
| MD5 | b07f576446fc2d6b9923828d656cadff |
| SHA1 | 35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103 |
| SHA256 | d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496 |
| SHA512 | 7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
| MD5 | 209af4da7e0c3b2a6471a968ba1fc992 |
| SHA1 | 2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f |
| SHA256 | ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403 |
| SHA512 | 09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 025b79325947ff87baa4f16fb8ba3ebf |
| SHA1 | db7f24e9ff1ad2d0f368c7204da1147bc2bd1474 |
| SHA256 | 1c8fef70fb6302e0222026b636a7af7d66e1831db7acc5d5c57a207864b5c2fa |
| SHA512 | 1a7b2049ee00fe840a34155eebd4470375827b2590b7fe8e0be17837632288c9fdd7c6fd51f131b9462cdf8e9b605f0afe01f3945a2a0c27a389d927c03e67cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 16bccdefddb58d167fb254e48baffa0f |
| SHA1 | 452d38b9e1b542571b95a765af6a68031c875f04 |
| SHA256 | 703a011d2a2fb62b029b0587dbe229ab32bef8b2c5f425db1e3ad3df6135952c |
| SHA512 | 357abaf574ed430ce78845e539f60729920d464ede9ed80c02e47f89b9e9e47654115163679c3df2dbd9330729eb779e8b23b2ab09b622ae6db085aaafc83c9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c8885739febaada234d1fd9014cc4a2c |
| SHA1 | 7728d5068728c50b7bfaa4a98b64f1b7bc0b9999 |
| SHA256 | e57bd8d795beff6e2ec223e191537b58d11eebad771ca9b9b9880f9348ea09d2 |
| SHA512 | 3e7f29c0450571a0b9c72bfa441fb31c1b3134d788b17652e5c7c28e43fe44e8078b307620bae8a1b46e3b44dd5d75f8d21ec147e80c1a408b4b7b225a234a77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d65e36d657d4b0e430db2148c5bb85fb |
| SHA1 | a1892e49a842f408c9a073dca1f827b46f466427 |
| SHA256 | bccb6eaa624625b83c90264b8df79d6759ba173c5613b747cd99933692680727 |
| SHA512 | 6308fb2c29753504f2cbb09b306cf9d9b5c98a94842303fd7052079afe27df089e197f4c479d0856e699464b5f2aab978288e46ecf41fffb2eb7b3afcbec8b19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054
| MD5 | 1d9045870dbd31e2e399a4e8ecd9302f |
| SHA1 | 7857c1ebfd1b37756d106027ed03121d8e7887cf |
| SHA256 | 9b4826b8876ca2f1378b1dfe47b0c0d6e972bf9f0b3a36e299b26fbc86283885 |
| SHA512 | 9419ed0a1c5e43f48a3534e36be9b2b03738e017c327e13586601381a8342c4c9b09aa9b89f80414d0d458284d2d17f48d27934a6b2d6d49450d045f49c10909 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5a0812f9c6b87066589a0a4e8a216698 |
| SHA1 | 0fd38bb1e89cfd315e3b105898330249511c538a |
| SHA256 | 606669ab65c59e60ed543b1945b3f425a3105840717d4496d9d5edefb9833316 |
| SHA512 | a47d4b42b27426fc03ec250c44abf38a7a5cf1e431bfca77b4750ae0951c6d49bbd455f713fc77068bae1bc22d5a6fd4abbe8577d2cc8f97d9fa8770e360f69c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1b3aa2fc150d7b0cf68a6ed19f011eb9 |
| SHA1 | acf3ee119482e203ed7b644189b8bd36aba50bbe |
| SHA256 | aea76f972a718d0a66acff2fc5bb68ddecaf58c86970dffd17f96c4649d37cb7 |
| SHA512 | 3e348dfecc953162314b4f6e4aecda3d97609e4c1a27fd9dfb3f2ecd24a223465b40b1968c2301f958b1593ab71bfac313b2143da507c6103dee62a1eae1134f |
memory/1124-1135-0x000000001BBF0000-0x000000001C0BE000-memory.dmp
memory/1124-1137-0x000000001B5D0000-0x000000001B676000-memory.dmp
memory/1124-1138-0x000000001C130000-0x000000001C192000-memory.dmp
memory/3864-1140-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5052-1141-0x0000000000400000-0x000000000040C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uRClgZblR.txt
| MD5 | 502984a8e7a0925ac8f79ef407382140 |
| SHA1 | 0e047aa443d2101eb33ac4742720cb528d9d9dba |
| SHA256 | d25b36f2f4f5ec765a39b82f9084a9bde7eb53ac12a001e7f02df9397b83446c |
| SHA512 | 6c721b4ae08538c7ec29979da81bc433c59d6d781e0ce68174e2d0ca1abf4dbc1c353510ce65639697380ccd637b9315662d1f686fea634b7e52621590bfef17 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 60a92b07f3f536a1a399ef60329cfc96 |
| SHA1 | 9336e2d22ad001d78e81cae9a47a472bf4d4b38e |
| SHA256 | 8c98bf69ce69ab7ea4e24c4175886acbbea5aefe15ea773ea5fc4df3fc1f175b |
| SHA512 | 6005b746bde61b672109e0da87064d99f1aec73cbb2e9a7cc0a1e20215d0744fd5b0fd99d4c88724a74a121ba1cd10425494f45d7d62f667711c1ef6b737d454 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b48e9cf64b538cb5ad8cf5fb7da835d0 |
| SHA1 | 2896ea0f6e1e6e7fbe122b2489daf52d2969fd5d |
| SHA256 | e0a5b8dc2987c1baa58740bedbbdd00b8eb26572e3a96a37997e080733367761 |
| SHA512 | 0a3efa20c92cb500daaca9047b4980ec27b64e2e9541481e4c9fe61a4ae0e226261004ff7a372b1ee301b898eca5646bac86671a82a40b7269b73d7c6315665d |
C:\Users\Admin\Downloads\Unconfirmed 89688.crdownload
| MD5 | 70f549ae7fafc425a4c5447293f04fdb |
| SHA1 | af4b0ed0e0212aced62d40b24ad6861dbfd67b61 |
| SHA256 | 96425ae53a5517b9f47e30f6b41fdc883831039e1faba02fe28b2d5f3efcdc29 |
| SHA512 | 3f83e9e6d5bc080fb5c797617078aff9bc66efcd2ffac091a97255911c64995a2d83b5e93296f7a57ff3713d92952b30a06fc38cd574c5fe58f008593040b7f0 |
C:\Users\Admin\AppData\Local\Temp\zipw1abo.cmdline
| MD5 | 1b70f2300732563c194ffb9394b39574 |
| SHA1 | b5d221629e773d993e1fa2eca8508b2f777f54aa |
| SHA256 | c82fff507994c663b060fa3c51164685cf732dd277c7c7853c6606e11c84ce59 |
| SHA512 | ee6b081ccfab01368c42cdaa2ed74b95fbd3b47e9305f02f7e239112171280140d62b7b394cfb55e7f69984cf52ccae1d0441086e27f9bd8f4062c9de24e15a3 |
C:\Users\Admin\AppData\Local\Temp\zipw1abo.0.vb
| MD5 | e4a08a8771d09ebc9b6f8c2579f79e49 |
| SHA1 | e9fcba487e1a511f4a3650ab5581911b5e88395d |
| SHA256 | ef4c31d167a9ab650ace2442feeec1bf247e7c9813b86fbea973d2642fac1fb6 |
| SHA512 | 48135e0de7b1a95d254ae351ccac0cb39c0d9a46c294507e4bf2b582c780c1b537487161396dd69584c23455950f88512e9931dbff4287c1072938e812a34dd1 |
C:\ProgramData\svchost\vcredist2010_x64.log-MSI_vc_red.msi.ico
| MD5 | fde1b01ca49aa70922404cdfcf32a643 |
| SHA1 | b0a2002c39a37a0ccaf219d42f1075471fd8b481 |
| SHA256 | 741fe085e34db44b7c8ae83288697fab1359b028411c45dab2a3ca8b9ea548a5 |
| SHA512 | b6b4af427069602e929c1a6ce9d88c4634f0927b7292efb4070d15fb40ce39fc5ce868452dcd5642b2864730502de7a4c33679c936beb1a86c26a753d3f4dc25 |
C:\Users\Admin\AppData\Local\Temp\vbc8CAACB8FE1984209A5B4AB13BE6FC6A.TMP
| MD5 | 249d49f34404bfbe7ed958880be39f61 |
| SHA1 | 51ec83fb9190df984bf73f2c5cd1edc0edf1882a |
| SHA256 | fcb5a4d24f24fbeaf4dc9d8e29f2701b2bb71411acb13c4fa67fe7025892912b |
| SHA512 | 082f47f59b9184dd6c88f64214e10b82656a09c5a5cf3f0eccbf7935505db473eeb9a395cb5b59ec5009e731f2aa1891670c94ff6315a0b2d4fcc0392cff0e98 |
C:\Users\Admin\AppData\Local\Temp\RESFA07.tmp
| MD5 | fd1c217999ad59d40f62126b9cbcf526 |
| SHA1 | aca3f9b8a0c21543519fe263120bcac8aaaa2ce9 |
| SHA256 | 2494c8ec5254c06760c1a36f06ac63359e476c54b74f42affe44449a8cc6c44b |
| SHA512 | b134bd72a08fa6a3f48ab7f6431c9a305c8e11641604cd4205be969d80d67e03159c2274e3539ccf8dab98bf1c994cb2acf903f1757304631e6c72fe0781d6e2 |
C:\Users\Admin\AppData\Local\Temp\ioqf4x0k.cmdline
| MD5 | 19aba1457098a429435d96ca3e8b94dc |
| SHA1 | cbac4c98ba641768e786d5a75d20bb0554410d66 |
| SHA256 | 645d73398e4813bc5775e43800fbcf405956802541da734566dd1462704f5064 |
| SHA512 | aada2fa4fa6cdf2549b4f26907860e3d20fc28529da1c4ae3f45dadf11370661f73e9bf4a508d9ef934c9f3a5b8de1ae80164af262ba92c556517e1a62bd47cd |
C:\Users\Admin\AppData\Local\Temp\ioqf4x0k.0.vb
| MD5 | acd609faf5d65b35619397dc8a3bc721 |
| SHA1 | ba681e91613d275de4b51317a83e19de2dbf1399 |
| SHA256 | 4cfd86d51d0133dda53ba74f67ffe1833b4c0e9aae57afe2405f181fc602f518 |
| SHA512 | 400ffd60ce7201d65e685734cea47a96abca58ca2babda8654b1d25f82d2766ca862a34f46c827249a4dc191d48f56005a9f242765d7becdda1344b8741a9d8c |
C:\ProgramData\svchost\vcredist2010_x64.log.ico
| MD5 | bb4ff6746434c51de221387a31a00910 |
| SHA1 | 43e764b72dc8de4f65d8cf15164fc7868aa76998 |
| SHA256 | 546c4eeccca3320558d30eac5dc3d4726846bdc54af33aa63ac8f3e6fc128506 |
| SHA512 | 1e4c405eca8d1b02147271095545434697d3d672310b4ea2ecca8715eaa9689be3f25c3d4898e7a4b42c413f258eda729a70f5ad8bc314a742082b5a6a8e9ff1 |
C:\Users\Admin\AppData\Local\Temp\vbcCFB7D68EBD324713A3816F68378EFD6F.TMP
| MD5 | abeaa4a5b438ffa58d07d9459e5c1d6c |
| SHA1 | 69631de7891162dd4840112a251f6531feae7509 |
| SHA256 | ce174412cb2889bbf162b7ebe4476da5a9c928ba5b13111d338753ccc4c0f5fd |
| SHA512 | c9cae8bcc14661e993d97a3c7b658310a8b9c19044817589f92eab66f1bcfcecb3468b0de8b45cd68e218c23cd9c60aeef1d391af36ec03afab5c8b86d7937d4 |
C:\Users\Admin\AppData\Local\Temp\RESFAC3.tmp
| MD5 | 7cf3bf0ae67b740bb79b01f4c793d3c1 |
| SHA1 | 9b42c7d49cd484fc4517311dd3dd62305effed26 |
| SHA256 | 97712384b49f535c256ce94bb0d2f63e8d6c31d8e1fbfa667e2ca4cfe87c1faf |
| SHA512 | 68d4a0e2e4df790cd328f43902046b3d653046e601bae15f6450f5752df4e20bac4fee8661e0206d2178b9cc61d90828d0f14b6260b92b057a709586c84bd54d |
C:\Users\Admin\AppData\Local\Temp\e9em0fiw.cmdline
| MD5 | 296108d2869e1a13ec7fad333479fa8e |
| SHA1 | 561092d2d5855f37774b5d8341ec8a2bae4b8817 |
| SHA256 | dcf72b4b84deaa720101b1fc81fb7ec3a48b200fcb2cfd55a21c01985dd64e4c |
| SHA512 | 2299dd086a3f443d4ec2c7220ca5d0956ed06a4adc7832ebadc3febd60f8d3ba224eba62b5991e9ad1d1ea5abbcb3aff0cc7d97549059e420d8d62fc86b18899 |
C:\Users\Admin\AppData\Local\Temp\e9em0fiw.0.vb
| MD5 | 83f6067bca9ba771f1e1b22f3ad09be3 |
| SHA1 | f9144948829a08e507b26084b1d1b83acef1baca |
| SHA256 | 098cd6d0243a78a14ce3b52628b309b3a6ac6176e185baf6173e8083182d2231 |
| SHA512 | b93883c7018fdd015b2ef2e0f4f15184f2954c522fd818e4d8680c06063e018c6c2c7ae9d738b462268b0a4a0fe3e8418db49942105534361429aa431fb9db19 |
C:\Users\Admin\AppData\Local\Temp\vbc4B5FE0CD4834A4AA2B8AC25E27AD6D.TMP
| MD5 | d01de1982af437cbba3924f404c7b440 |
| SHA1 | ccbd4d8726966ec77be4dbe1271f7445d4f9b0ce |
| SHA256 | 518d9922618db6eea409cee46b85252f0d060b45c2f896cb82eeca22eb715598 |
| SHA512 | a219cd3df17bcf16cb57bdeea804e206a60be50084e2cb99d6d5e77d88957d79535d110b34735a4b549d3fcae528cdff8bfa5286582028ef22e8b4d60e146878 |
C:\Users\Admin\AppData\Local\Temp\RESFB4F.tmp
| MD5 | f05c04acd171db2084c096be31d3bdf1 |
| SHA1 | fa2d4b6db75936e58590ca82d5b74c79dbd8499a |
| SHA256 | 2d5074ec7dd35e7ce0c382cbfac50d086fc3cf8932e2bbb8403ec566d9f26211 |
| SHA512 | 2d1c1632f68a053b8c7c1cfd50585f98dba87aab1b2fed8968c0d66ef867ef3784cebafbd69d8980f9da3f121d314c5fe2891c9540b036c6ed1a1a63605a9354 |
C:\Users\Admin\AppData\Local\Temp\5lgx21s2.cmdline
| MD5 | d48df0ce0e715e8ebf2eab2fc27f7b28 |
| SHA1 | 85c5d4ea4c28373b6f92732542f2041602fb1211 |
| SHA256 | d5e6ce8df29e40b7ea1a0040050c5c91b641e2ba8418eeef11e99c07d8845946 |
| SHA512 | bc0a7f1332f10a79c9ecd7a7b7bf16e47163c3cb08dcf658074283b030c8a57c8a1a56013829c3d1a6f7c53a82f9178a9250cf97f6c83907f105371542a2b944 |
C:\Users\Admin\AppData\Local\Temp\5lgx21s2.0.vb
| MD5 | 6e4e3d5b787235312c1ab5e76bb0ac1d |
| SHA1 | 8e2a217780d163865e3c02c7e52c10884d54acb6 |
| SHA256 | aec61d3fe3554246ea43bd9b993617dd6013ad0d1bc93d52ac0a77410996e706 |
| SHA512 | b2b69516073f374a6554483f5688dcdb5c95888374fb628f11a42902b15794f5fa792cf4794eae3109f79a7454b41b9be78296c034dd881c26437f081b4eaea8 |
C:\Users\Admin\AppData\Local\Temp\vbc577095179CB4E3F89238E21B43426E1.TMP
| MD5 | d56475192804e49bf9410d1a5cbd6c69 |
| SHA1 | 215ecb60dc9a38d5307acb8641fa0adc52fea96c |
| SHA256 | 235e01afd8b5ad0f05911689146c2a0def9b73082998ac02fd8459682f409eee |
| SHA512 | 03338d75dd54d3920627bd4cb842c8c3fefad3c8130e1eeb0fa73b6c31b536b3d917e84578828219b4ffd2e93e1775c163b69d74708e4a8894dd437db5e22e51 |
C:\Users\Admin\AppData\Local\Temp\RESFBDC.tmp
| MD5 | c4c16dda146238bc0d6c82b60b2fb9e5 |
| SHA1 | 1eb112507fb0b4eefc0d7b5410024468519823a2 |
| SHA256 | 7385c9c7f5cd39f2f627894d68cb6cd0a4d2e1af4bc0158aafcb0d7fce6dc40a |
| SHA512 | 70249459ffb5ad911ccb86f7af5c486a5d7e533d1311a3698ae59bef8b5ddf7a9a6830693544748b8b22b5853d6652d403d475d16bd2ed41ed0644880157260b |
C:\Users\Admin\AppData\Local\Temp\kfzd4tp6.cmdline
| MD5 | ceb9d4ac2fe1cc5cc07d803791698d10 |
| SHA1 | 301d8a3ee6db4382fb416635eeac05300ac8f5ca |
| SHA256 | 08d053a4fa688009936b32e1b05a81722ade45afd295ef21b72182fc49f123df |
| SHA512 | 9343aab62b52a8144cb745293ad2e396e47cd359a544d7b99fe5101c874dcaa149ccefe09b114cf4a0362bfbe0485f6ede427bc0b80e785fdd3acf601d73770b |
C:\Users\Admin\AppData\Local\Temp\kfzd4tp6.0.vb
| MD5 | 197e7c770644a06b96c5d42ef659a965 |
| SHA1 | d02ffdfa2e12beff7c2c135a205bbe8164f8f4bc |
| SHA256 | 786a6fe1496a869b84e9d314cd9ca00d68a1b6b217553eff1e94c93aa6bc3552 |
| SHA512 | 7848cdc1d0ec0ca3ec35e341954c5ca1a01e32e92f800409e894fd2141a9304a963ada6a1095a27cc8d05417cd9c9f8c97aed3e97b64819db5dd35898acac3b7 |
C:\Users\Admin\AppData\Local\Temp\vbc471EC9589E9041DA938235B8C96A291.TMP
| MD5 | 2f97904377030e246bb29672a31d9284 |
| SHA1 | b6d7146677a932a0bd1f666c7a1f98f5483ce1f9 |
| SHA256 | 7e033003d0713f544de1f18b88b1f5a7a284a13083eb89e7ce1fe817c9bb159f |
| SHA512 | ddf2c3a3ec60bed63e9f70a4a5969b1647b1061c6ff59d3b863771c8185904d3937d1f8227f0e87572329060300096a481d61e8dc3207df6fe0568da37289f54 |
C:\Users\Admin\AppData\Local\Temp\RESFC59.tmp
| MD5 | 8dec1ce846875d72c6d47731f03ea0af |
| SHA1 | 4765bee4bb1296bd8c7aba3f88dd0255adab70c7 |
| SHA256 | c8a04e42010efbf6020c16215b71c8a288885fdb90fd64faa0ec9d5922dd5418 |
| SHA512 | e8b280136070bc21edb386d19913c40f20fa28a7412eb169436cb18595db4c080ac9593a55c3d9decfe856b4d7d3bb9536177cc6d4a84f05cd397fa6435b945d |
C:\Users\Admin\AppData\Local\Temp\cpwaqokg.cmdline
| MD5 | 907de00fb871e2972deddf70d4f3e5e9 |
| SHA1 | 7c1dacc4415a4b69b3901ba1caf5ef8feed179f4 |
| SHA256 | 37b94e1767a8634dd472678da93873a941830312cd00763dbeb3241775fcbb64 |
| SHA512 | 37f04ba523638752beca0dd39319fb2b15c21c8d5eee7e6a7e7c9c333fc1c1ab1c2e765076bb529fdab2781632b5d1df74aaa312af2ee19e9db3cdbce3bf7130 |
C:\Users\Admin\AppData\Local\Temp\cpwaqokg.0.vb
| MD5 | 7a8e43324d0d14c80d818be37719450f |
| SHA1 | d138761c6b166675a769e5ebfec973435a58b0f4 |
| SHA256 | 733f757dc634e79bdc948df6eff73581f4f69dd38a8f9fafae1a628180bf8909 |
| SHA512 | 7a84dbe0f6eebdc77fd14dd514ed83fb9f4b9a53b2db57d6d07c5ff45c421eac15fdc5e71c3bc9b5b5b7c39341d8e3157a481d9dacefe9faff092478a0cea715 |
C:\Users\Admin\AppData\Local\Temp\vbc82544E8F6EEE4DFCA8EA41323ED37DC.TMP
| MD5 | 5fb831248c686023c8b35fa6aa5f199c |
| SHA1 | 39760507c72d11c33351b306e40decaad7eb2757 |
| SHA256 | d062acbeea69acb031b014cff19bed988cf9df34c230ee23d494457461b41908 |
| SHA512 | 2244f84bff19e1f43a245569d03712ab62a9655bc6f3eb4ae78ca3472ddfc6ad7950dc76d10cdc1c7b2235a9045582554c200e93c3cd34c18e494ed60dd3b3ea |
C:\Users\Admin\AppData\Local\Temp\RESFD05.tmp
| MD5 | 3f3854927ada121a84f38f0dfe63f0a6 |
| SHA1 | ca06b7905e470791e9bf7bb6a9cfce5534a88302 |
| SHA256 | 65957891e6f37785e2b6c33e66469e7a4119b96adc2183b7062ae065b0551107 |
| SHA512 | e7dd70a7e4d41d9aef38e37c33adabac54e8fdef8b99c68f4b334399d3cfad47b6d10729493fb293aacadadd46dc04f146003fce7327e0bc6f86a3951dc18bab |
C:\Users\Admin\AppData\Local\Temp\05z0t5y3.cmdline
| MD5 | 745611612de6b63ac95f0b91e7aba81f |
| SHA1 | 227d50da47e1144570f857467a436aaadf9bca4b |
| SHA256 | 3b60436aad2957e385a2bcced7768053088ee16c29562d6e155259633d5cac81 |
| SHA512 | 02b5b08f8cc36ac0fe7e58c2d1833d7d8c50372d5e88b72016678f1fe3465d39f5d2e885ce85788d8bc8984ceb1023512213381475fcfb5026bd43bb62a6f6b6 |
C:\Users\Admin\AppData\Local\Temp\05z0t5y3.0.vb
| MD5 | 7d0d85a69a8fba72e1185ca194515983 |
| SHA1 | 8bd465fb970b785aa87d7edfa11dbff92c1b4af6 |
| SHA256 | 9f78b435099106c2c3486c5db352f7d126b3532c1b4e8fe34ef8931c7b8968d5 |
| SHA512 | e5ef339dc329dbba2ab06678a9e504aa594d2f21ade45e49bccd83a44a76dc657f5f44dcf368f4d112bb3b01af2e577a487c6078751943770e90780fad202989 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 17a647909a0ded6abb13b8061ef8019a |
| SHA1 | d00aca5b756b49a15f793b25a4738c793031145d |
| SHA256 | 21326d9c71e0db8eb566a0b04e0aca0fab658b0be5decb5d425b17363e1034bd |
| SHA512 | 13c32eef8fdbf306c0779fa8658c530bf7f8f201369900b5ec09fbd6f859dbfa09f9294b2fd1fd4f4516963681ec1ba7637d7e95a5becabe9607d800965c20ea |
F:\svchost\svchost.exe:SmartScreen
| MD5 | 4047530ecbc0170039e76fe1657bdb01 |
| SHA1 | 32db7d5e662ebccdd1d71de285f907e3a1c68ac5 |
| SHA256 | 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750 |
| SHA512 | 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dd64bc490428170133299f0fa5387101 |
| SHA1 | a5923c05c661b54786d8cf17918c8302946f39a8 |
| SHA256 | 8ba6a3c27b80158d9978345b058eeab6f2c83e52eb87e29bfb98785bdfc77926 |
| SHA512 | 983f19efd3269a5000bdc93aba55f5b59be919081eb3b6be4f65bfbe1c9b68e0450990fcc1c7fb8b415529a5aec885f350eb3ef916b4c19ec980d8ac5f03875a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4b71f50afee385d714d11ac82cc52bec |
| SHA1 | 8ff381189031a52e93176fd13c179c9c8cf1e6f4 |
| SHA256 | 223be836e1405d66ee2aa07351655037b1a8d9e82808ad494c98677b6266687e |
| SHA512 | ba3c8450d5cbcdf50f1067cf73468473bb9a1c71467a21d003de312cbf06456ef7dd45ff38ba7bff7db9b4b4f65db8bfe4951383c4cb73e349aa949c510a25a9 |
C:\Users\Admin\AppData\Local\Temp\vbcA337FD03A05D421688F422743463513.TMP
| MD5 | 3906bddee0286f09007add3cffcaa5d5 |
| SHA1 | 0e7ec4da19db060ab3c90b19070d39699561aae2 |
| SHA256 | 0deb26dcfb2f74e666344c39bd16544fcaae1a950be704b1fd4e146e77b12c00 |
| SHA512 | 0a73de0e70211323d9a8469ec60042a6892426e30ad798a39864ba123c1905d6e22cb8458a446e2f45ec19cf0233fa18d90e5f87ec987b657a35e35a49fea3b0 |
C:\Users\Admin\AppData\Local\Temp\vbcB962F834D0CC46ADBD3810B3527E210.TMP
| MD5 | 85c61c03055878407f9433e0cc278eb7 |
| SHA1 | 15a60f1519aefb81cb63c5993400dd7d31b1202f |
| SHA256 | f0c9936a6fa84969548f9ffb4185b7380ceef7e8b17a3e7520e4acd1e369234b |
| SHA512 | 7099b06ac453208b8d7692882a76baceec3749d5e19abc1287783691a10c739210f6bdc3ee60592de8402ca0b9a864eb6613f77914b76aec1fc35157d0741756 |
C:\Users\Admin\AppData\Local\Temp\vbcE3012802D13D496E85394AA4C824461.TMP
| MD5 | dac60af34e6b37e2ce48ac2551aee4e7 |
| SHA1 | 968c21d77c1f80b3e962d928c35893dbc8f12c09 |
| SHA256 | 2edc4ef99552bd0fbc52d0792de6aaa85527621f5c56d0340d9a2963cbc9eed6 |
| SHA512 | 1f1badd87be7c366221eaa184ae9b9ae0593a793f37e3c1ce2d4669c83f06de470053550890ad6781b323b201a8b9d45a5e2df5b88e01c460df45278e1228084 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f43573d941665b241778ce9db4e51ce8 |
| SHA1 | 51fd61bfe3a9bc3f471232467407388650c68f44 |
| SHA256 | b62fb47ee516acc5eee71c5b671be34fb0045a2aa13ecb9fbada0747d97710ef |
| SHA512 | 61c031cb9f3782dbdce248d50f8dc01d9e977a03f34c3553bc0b680ee6c267ce2c35bd7275e8ed16a1b99563c7e645ddeef136bf05b7211f68006985b5972831 |
C:\Users\Admin\Downloads\Happy99.exe
| MD5 | 02dd0eaa9649a11e55fa5467fa4b8ef8 |
| SHA1 | a4a945192cb730634168f79b6e4cd298dbe3d168 |
| SHA256 | 4ebe3e1af5e147c580ecce052fe7d7d0219d5e5a2f5e6d8a7f7291735923db18 |
| SHA512 | 3bf69de674737ca15d6ff7ce73396194f3631dc4b8d32cc570adeeacdc210acee50fd64c97172ce7cc77f166c681d2ccd55955b3aca9188813b7ff6f49280441 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e1b6ad096f7ca824b235d65db6cffc91 |
| SHA1 | a0399a8087aaa5850f23ac3dd02bfca432a2930d |
| SHA256 | ba1462fbdfa52b198e6359e29a490606498e71dd48eb1da2607413515e92dd8b |
| SHA512 | be84e0bf569eca4ffeb25a377f39767dce7fcf0c53fa16fc2985e28a18c69393e40b0a0c28e87a1609015c3211c5b2d6243fc3be10bd38bb36ac8eb6bf1edc7f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 182e6eabada321b305a3f4deddb15878 |
| SHA1 | 6ba29bc68aad54adb1897004fc154e8749fe7630 |
| SHA256 | 7b7f208275c6f325bc6d6565142028ca51d5c56e0b6d636b1fc17a402954caae |
| SHA512 | 888e7a945682de59ee648c0b743b34025a83d9c1ab5e5f11807097719cf592fe5ef77c6dbabe30a5bc5ffe763cf88e7261aee29067567ff29d68505345b21487 |
C:\Users\Admin\Downloads\Unconfirmed 132963.crdownload
| MD5 | da9dba70de70dc43d6535f2975cec68d |
| SHA1 | f8deb4673dff2a825932d24451cc0a385328b7a4 |
| SHA256 | 29ceeb3d763d307a0dd7068fa1b2009f2b0d85ca6d2aa5867b12c595ba96762a |
| SHA512 | 48bbacb953f0ffbe498767593599285ea27205a21f6ec810437952b0e8d4007a71693d34c8fc803950a5454738bea3b0bafa9ff08cd752bf57e14fedf4efb518 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e80b5b41fe794fbd8c944c0474822388 |
| SHA1 | c6b7ee1b458a9e3439ec6b9e5af28e2a5db16b06 |
| SHA256 | 5f54c4911fade355913a0a07443648bc474a122b51128c9227a8c0bb2011bdc3 |
| SHA512 | 71c415ce705041c8871e527d6f56174350934eeac2cb7e808a6fb2aace78ffd7d5f63baebdd600378875e3aabf5f01dedf119985c38eff72941b7a13b688e7ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2d99eced26370144c7801cf2b070cc3f |
| SHA1 | 2d41bc7a9f37d548e1a8e29a560ef5a04c39c81b |
| SHA256 | 022ac01696510ce585d16340185d821a9a421f27f4cefa90ac0242402539ade3 |
| SHA512 | 9a5b1724ca4f2a5027b183e48dbf2ae58d1a2d9e7a0c42d678c3f53fa341e05a83cb09dcaf25f862297d0d986c185fe805cbef3abb28711577001f2dec26bcd6 |
C:\Users\Admin\Downloads\Unconfirmed 688646.crdownload
| MD5 | 0e10993050e5ed199e90f7372259e44b |
| SHA1 | 2e7a515c81926ef8a3e1e533c2f58f57fdbfade7 |
| SHA256 | 8f533a5adb18c8e02779636e9d7dbb4a6cf13e4f60ee435b9afc3504b308d68a |
| SHA512 | d98b5c7a2d307451866a11bae8b3c7524d968c03e40bf1daa5110b8650c9edbf6b64cfed1052574ebd723e73b4c614358b3bc6442d1a21134c157971989f4d1d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 98ef8dfb1db2c6e1898b8ea9bdbb2e6f |
| SHA1 | 8e2fa2e39490ff99ee2c3626a6703ef8db5104e3 |
| SHA256 | d67122e6ea384e627fb8cac0855e2237fc69ddad3c5d2646fb4ce5d2fd6c353c |
| SHA512 | d8fd5a436bb04ff3e3ad3e59f29d4eac1ba2753cf8bba45e7976a074261983d7253041ee6500dd3f682ff28efa2357c4ceaf9dce4cbdba3bf9c5da78bf130477 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e5c223491d5763401be2c39f6c6d1c4c |
| SHA1 | 42127e888551edba98d3344b6aba2ece6e308234 |
| SHA256 | 0813b83eb30cbd9e9cb4ec07b4583f3a90f336262e67dd427ddad8378bd4c7d6 |
| SHA512 | 3ad18b4cadf44d1735f21d31b4f5e3eb7c7cd7833d387ba34a9d6739085809f6c92c2442894cb6ea30a7be6b7d07f7bc9083137e7e84e2d7a84cd691ba5ffe09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 837db94a6463adc3ac07cdd4a4f3b3ac |
| SHA1 | 4f8231fb72f092f906f5100208611d0337e70fee |
| SHA256 | 7ab8b72e81323de26df27bf403945248047eeec470341db939a7c2796f65e03d |
| SHA512 | d4b037f300b3e630195f73481b690d7bf697a102741152bfd30e3d1821b6c8af43eb0b38f8e82f1bacb4257cd74957c2b04b50bbc449e6e0e22e2c8e08a21dc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c6d3f7f52372c4ecd0282b790d28eeb8 |
| SHA1 | 31e638b2da9a7f57244a3a035ab7305cb0b9da6d |
| SHA256 | 3ad044cf6d8a2f5a7f7973473c12a661b226916699812d6863da0fa1b3d1b28e |
| SHA512 | cc240f462eba17370d2077fb9c01d0596f464a50b61834e36117c25025923d697b6ee8f33aeb048b294390a3362b9b2923de2526ea8a8e07d14a6be182fdc431 |
memory/4680-1899-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4680-1913-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\Downloads\Unconfirmed 754449.crdownload
| MD5 | 6f5767ec5a9cc6f7d195dde3c3939120 |
| SHA1 | 4605a2d0aae8fa5ec0b72973bea928762cc6d002 |
| SHA256 | 59fe169797953f2046b283235fe80158ebf02ba586eabfea306402fba8473dae |
| SHA512 | c0fbba6ecaef82d04157c5fcf458817bf11ce29cdaf3af6cac56724efcf4305565c6e665cdcf2106c675ba0574c60606be81d9baafe804fc7d2d3a50fed0baf6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 486de52b2391ad5179f384797e4db5d2 |
| SHA1 | 03451a98465f1698f4b6b40a05efa45b8055d9b1 |
| SHA256 | e19ed5771a091798ab1c4c9c27fe708de3d7418c86ce60f196b1420debb17b1a |
| SHA512 | 08897e809ac212061e6640e8e0ee39c07bea081573c7ed21f3babe591df2240bdda325814cfbd2ee1dd9c3b921f4d75a091bc4c4358483c4fdd2547d71818614 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 252a4f2bc2e3ac0726148519e5d10b16 |
| SHA1 | 79bfe73e99db0a12d0beadcaf2e30c84474eef5b |
| SHA256 | a9d735276c73c3605ec4c63a2ebd7622540c1aff0f2478e49b2366b7f8cf47c0 |
| SHA512 | b59ae9a73313d77e910d72c92cf47093290cc224a82d9f6475cc16ee671507dcd80f39702a94d2d77abdd169602fc31fdd8510b71f30655b098de97d6cafc351 |
memory/4680-1959-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e531f266-abea-4638-84e4-96786cdc776e.tmp
| MD5 | 9dc72cd5d7f70b1cedf9c9229b733af6 |
| SHA1 | 9807f100db6c3e294d39cac2db7cab117c413a1f |
| SHA256 | be08faea6e3e4f1657946d99e469bb5deb881c08084794e0b277217fbafaef61 |
| SHA512 | 7984bb247a44abaf4b0462d07faec7ca968eafbb1c27a955b8ee9bff43ddbf99670b16214fa1f8c70328bb4c981348d654dca8ffe4c668ede85b611f71034bf1 |
C:\Users\Admin\Downloads\Unconfirmed 172535.crdownload
| MD5 | c52f20a854efb013a0a1248fd84aaa95 |
| SHA1 | 8a2cfe220eebde096c17266f1ba597a1065211ab |
| SHA256 | cf8533849ee5e82023ad7adbdbd6543cb6db596c53048b1a0c00b3643a72db30 |
| SHA512 | 07b057d4830d3e2d17c7400d56f969c614a8bae4ba1a13603bb53decd1890ddcfbaad452c59cc88e474e2fd3abd62031bf399c2d7cf6dc69405dc8afcea55b9a |
memory/4680-2002-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ae071671019add96d4325ba295928d22 |
| SHA1 | a7f63f9cd0581361a4f604a8169817fe9b630fb8 |
| SHA256 | 6bf12029b4732833dc83be247b74fce36ae5a036946322bc7ebc06cc8651e27f |
| SHA512 | 18ef2c21e1e76c1ea68256cf27d23759a3159b65fba2c7bbd8d74591ff7798edbe58cf3dfa997f73c096655cf30b68d6db172c24a89c1bbf5f551c0af7e999c4 |
memory/2556-2012-0x000000001BC10000-0x000000001C03E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 176aa2d1941b5728981c2881b7052d71 |
| SHA1 | 6ae382ddd8c46017e67b9b5ce0795053806b67d1 |
| SHA256 | e58628f64f32af79ec8679f5a64f168a7333c22b49b11fcfa94370fd786832ce |
| SHA512 | c0305547833af5fccab05781c85c542ce24601db20b5c48d7b58c3a7b0754ff323c64ab427083d23be25232dcefca8fc7ac8cd24a582041ab2823aa2dc46e1f0 |
memory/2556-2099-0x000000001DA60000-0x000000001DF6E000-memory.dmp
memory/2556-2100-0x000000001E010000-0x000000001E0AC000-memory.dmp
memory/2556-2101-0x0000000001650000-0x0000000001658000-memory.dmp
memory/4680-2111-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4680-2120-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\Downloads\metrofax.doc
| MD5 | 28e855032f83adbd2d8499af6d2d0e22 |
| SHA1 | 6b590325e2e465d9762fa5d1877846667268558a |
| SHA256 | b13b29772c29ccb412d6ab360ff38525836fcf0f65be637a7945a83a446dfd5e |
| SHA512 | e401cbd41e044ff7d557f57960d50fb821244eaa97ce1218191d58e0935f6c069e6a0ff4788ed91ead279f36ba4eddfaa08dc3de01082c41dc9c2fc3c4b0ae34 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | db96d555d48d5e42ff4361519ab580a1 |
| SHA1 | 602db3847d347d8f571f64bf1b62a202acae448d |
| SHA256 | a764c408e170008cae65fd47a2ba6891fcb31d1ff7217a4b1cd89fa992e08519 |
| SHA512 | fbf55ecdd12ea7387125035eb4e22eba762f67251ccc7e01bff57536650cd89b4f38ecc671713b777546fc7caaa5e82e2d4125553299d4bbd93e0efb9bafe0e9 |
memory/4680-2147-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 52b321603415466462ff53f7f08f1cd3 |
| SHA1 | 6778f63d19fe3796b23d71644ab8f8a3a0e7c27b |
| SHA256 | 3715e6677fe848fe50e967757e3ea19b1a12e30266572a30ffb661eeb299e737 |
| SHA512 | a199425f60288baea1502a57130a04bca76c108fb35de16a88fea34af8e453db0b8980788cabbd2436df20c9d62d43817efd7cacb2c0eb154b8ee076de56da25 |
memory/4680-2180-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\Downloads\Blaster.A.exe
| MD5 | 5ae700c1dffb00cef492844a4db6cd69 |
| SHA1 | bed8e439f28a1a0d3876366cbd76a43cdccf60fa |
| SHA256 | 258f82166d20c68497a66d82349fc81899fde8fe8c1cc66e59f739a9ea2c95a9 |
| SHA512 | 2cc1ec68df94edc561dd08c4e3e498f925907955b6e54a877b8bc1fb0dd48a6276f41e44756ed286404f6a54f55edb03f8765b21e88a32fd4ca1eb0c6b422980 |
C:\Users\Admin\Downloads\Blaster.E.exe
| MD5 | 8676210e6246948201aa014db471de90 |
| SHA1 | 86b30d1a8b7515dcab6c8d2781b85c6983709dbf |
| SHA256 | 2e481059b9bc9686c676d69a80202eed5022c9a53ecd8cac215e70c601dd7fdc |
| SHA512 | 5130e6ea6c5e1924af7d630a7b1c6e614b1482edcad3117a8dc56371269260b97793a7ccdbf3249054815b7c3b9c364b30e73e0f8e4cc230502b01d0d2f70bda |
memory/3512-2193-0x0000000000400000-0x0000000000409000-memory.dmp
memory/5044-2200-0x0000000000400000-0x0000000000409000-memory.dmp
memory/3864-2204-0x0000000000400000-0x0000000000409000-memory.dmp
memory/4680-2203-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9fb96f3373361ce61e70590a4402f699 |
| SHA1 | 55c6f9f0b561d9eaf1229b314a6a063135cee80b |
| SHA256 | 6cc58e7c0b5c87d11d01e6d01b6d92eb095f3c7cf051ed320f0e9b9aac9bfc2a |
| SHA512 | 1e65f759f6f0215d252101f19bce987dff07f9d20e493d57081e835ce44be1c090167ab760196576285452be0f176cfa0af5cc82bc855870bc4619a9690acfbe |
memory/4980-2225-0x0000000000400000-0x0000000000409000-memory.dmp
memory/2976-2228-0x0000000000400000-0x0000000000409000-memory.dmp
memory/2976-2226-0x0000000000400000-0x0000000000409000-memory.dmp
memory/4028-2230-0x0000000000400000-0x0000000000409000-memory.dmp
memory/3512-2233-0x0000000000400000-0x0000000000409000-memory.dmp
memory/5044-2234-0x0000000000400000-0x0000000000409000-memory.dmp
memory/4680-2235-0x0000000000400000-0x0000000000438000-memory.dmp
memory/3512-2245-0x0000000000400000-0x0000000000409000-memory.dmp
memory/3512-2246-0x0000000000400000-0x0000000000409000-memory.dmp
memory/5044-2247-0x0000000000400000-0x0000000000409000-memory.dmp
memory/4680-2250-0x0000000000400000-0x0000000000438000-memory.dmp
memory/5044-2251-0x0000000000400000-0x0000000000409000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 33aae50f1910fa336d1ea317c2a0a54d |
| SHA1 | fba5371a3ffd3f54fc581bcb6b1db8ca9a85087e |
| SHA256 | 0730e3b275ad9745de35e91e15e6cef95792ccedd8ef1c5c0cfdbb07e1b14856 |
| SHA512 | fb279e1ae0c687568d29aba0e62cfc9381d72b88bb356add328d6e50551031f36ca42a9bfaeec79abf7dc2a0fe71d567931108aa4e0f716ef435d01d38fa838d |
memory/4680-2261-0x0000000000400000-0x0000000000438000-memory.dmp
memory/5044-2263-0x0000000000400000-0x0000000000409000-memory.dmp
memory/3512-2262-0x0000000000400000-0x0000000000409000-memory.dmp
C:\Users\Admin\Downloads\Unconfirmed 748009.crdownload
| MD5 | 30cdab5cf1d607ee7b34f44ab38e9190 |
| SHA1 | d4823f90d14eba0801653e8c970f47d54f655d36 |
| SHA256 | 1517527c1d705a6ebc6ec9194aa95459e875ac3902a9f4aab3bf24b6a6f8407f |
| SHA512 | b465f3b734beaea3951ff57759f13971649b549fafca71342b52d7e74949e152c0fbafe2df40354fc00b5dc8c767f3f5c6940e4ba308888e4395d8fd21e402b3 |
memory/3512-2272-0x0000000000400000-0x0000000000409000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | aea404ca77fc38faab71330176dbc409 |
| SHA1 | 15fe31b969b9ba827b8dcb8512d66f526fd49e0a |
| SHA256 | d1545d40a7e3431f05ccb854c79a3abfcd76a34c3afe1227e2d0cf92c2bd7df5 |
| SHA512 | 22eadb45706720a72aad3dce280e5c20cb034c959f217a8aefc0696768cc16d2a1e1835dc994096a47c258fa41db0081ce5ef7a4ba1aeb2e3f020672e1f45821 |
memory/4680-2299-0x0000000000400000-0x0000000000438000-memory.dmp
memory/5044-2300-0x0000000000400000-0x0000000000409000-memory.dmp
memory/4680-2368-0x0000000000400000-0x0000000000438000-memory.dmp
memory/5044-2370-0x0000000000400000-0x0000000000409000-memory.dmp
memory/3512-2369-0x0000000000400000-0x0000000000409000-memory.dmp
memory/4344-2372-0x0000000000400000-0x0000000000463000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | 6e098e39f45a409454cc480684ee7a18 |
| SHA1 | b5ff95575e1bf4a3531b6a4373ce2b5db4eca9d7 |
| SHA256 | 16d53184a1346d11efd5552491d4fdf61d1160a35ebed3232282f92713f8685c |
| SHA512 | 860a9d34b9575606ce51a978e8d5d6ee55b001c0396c34addbf42ddb5c0954a8223976beaf94c4e540fb6442fee452060f08433692bb5751e7dad98a674e9148 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\f20f2f04-9814-4935-a893-fe48fdb7964d.dmp
| MD5 | 818a5e6d1b259baca9aceccfffad2a0e |
| SHA1 | 78948caf66a4d6ae0fd8a0eb3e02a707abde3d77 |
| SHA256 | 0647569e4dcf87996ead09b7712da1a7484187b4246f88643f784daffccf7a86 |
| SHA512 | 0b7a31077628f826e5e23e5107e3208716c8075ae5b06971feed9124588bd486bef508ca4df9023cfc8ccc438d3dbcd3bef7b1919197b8955cac8781031289f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8e15789507476b605fade754a53b9f5e |
| SHA1 | e778e1ca975d87b747a261bb4f60eece12c66a35 |
| SHA256 | 8e3a2477c027554de5d5c7bfd15e2e5db685eda931f5aa266b9177a4b81a7571 |
| SHA512 | b9b76f41aba379f9b3c19ff4fb07918e55ad7add4c4d20205c9844a931fc3f516a3a29ef990548ffe8f7e4e98cd4cb070eae9a97e93a95c499dca75c0cdefd5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 55f1502f64d553dd1a4a45619d7273dc |
| SHA1 | 3f3bfb1ccf29ab73989e5e1324bba248e49efd23 |
| SHA256 | cf07bf8b2d418fa5b4ee450e3c023333ee4e15c26f102db4aa7a0a84d097a7f6 |
| SHA512 | f5a1e4ed739e4d18c5f15ff1ac2f9a106bf22a000540047b35cac05322adace49f85d33977aad7fef68c5edd72693aac152e02e20a01aa1d467f21762bd5f836 |
memory/4680-2412-0x0000000000400000-0x0000000000438000-memory.dmp
memory/5044-2416-0x0000000000400000-0x0000000000409000-memory.dmp
memory/3512-2414-0x0000000000400000-0x0000000000409000-memory.dmp