O4 - HKCU\..\RunOnce: [Application Restart #1] = C:\Users\zxc\AppData\Roaming\dolphin_anty\browser\197\anty.exe --disable-field-trial-config --down-port=62374 --load-extension="C:\Users\zxc\AppData\Roaming\dolphin_anty/extensions/anty/5" --locale=de --new-extensions --no-sandbox --origin-trial-disabled-features=WebGPU --proxy-bypass-list="\"*anty-api.com; https://dolphin-anty-api.com\"" --proxy-server=http://dXNlcjkwNjUzOjJkOTZneA:base64@154.16.58.85:8538 --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" --user-data-dir="C:\Users\zxc\AppData\Roaming\dolphin_anty\browser_profiles\152032159\data_dir" --restore-last-session --restart (not signed)
O4 - HKCU\..\RunOnce: [Application Restart #10] = C:\Users\zxc\AppData\Roaming\dolphin_anty\browser\197\anty.exe --disable-field-trial-config --down-port=62285 --load-extension="C:\Users\zxc\AppData\Roaming\dolphin_anty/extensions/anty/5" --locale=de --new-extensions --no-sandbox --origin-trial-disabled-features=WebGPU --proxy-bypass-list="\"*anty-api.com; https://dolphin-anty-api.com\"" --proxy-server=http://dXNlcjkwNjUzOjJkOTZneA:base64@179.61.187.245:8538 --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" --user-data-dir="C:\Users\zxc\AppData\Roaming\dolphin_anty\browser_profiles\152032066\data_dir" --restore-last-session --restart (not signed)
O4 - HKCU\..\RunOnce: [Application Restart #11] = C:\Users\zxc\AppData\Roaming\dolphin_anty\browser\197\anty.exe --disable-field-trial-config --down-port=62343 --load-extension="C:\Users\zxc\AppData\Roaming\dolphin_anty/extensions/anty/5" --locale=de --new-extensions --no-sandbox --origin-trial-disabled-features=WebGPU --proxy-bypass-list="\"*anty-api.com; https://dolphin-anty-api.com\"" --proxy-server=http://dXNlcjkwNjUzOjJkOTZneA:base64@31.6.36.185:8538 --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" --user-data-dir="C:\Users\zxc\AppData\Roaming\dolphin_anty\browser_profiles\152032118\data_dir" --restore-last-session --restart (not signed)
O4 - HKCU\..\RunOnce: [Application Restart #12] = C:\Users\zxc\AppData\Roaming\dolphin_anty\browser\197\anty.exe --disable-field-trial-config --down-port=62398 --load-extension="C:\Users\zxc\AppData\Roaming\dolphin_anty/extensions/anty/5" --locale=de --new-extensions --no-sandbox --origin-trial-disabled-features=WebGPU --proxy-bypass-list="\"*anty-api.com; https://dolphin-anty-api.com\"" --proxy-server=http://dXNlcjkwNjUzOjJkOTZneA:base64@5.180.50.100:8538 --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" --user-data-dir="C:\Users\zxc\AppData\Roaming\dolphin_anty\browser_profiles\152032222\data_dir" --restore-last-session --restart (not signed)
O4 - HKCU\..\RunOnce: [Application Restart #4] = C:\Users\zxc\AppData\Roaming\dolphin_anty\browser\197\anty.exe --disable-field-trial-config --down-port=52718 --load-extension="C:\Users\zxc\AppData\Roaming\dolphin_anty/extensions/anty/5" --locale=de --new-extensions --no-sandbox --proxy-bypass-list="\"*anty-api.com; https://dolphin-anty-api.com\"" --proxy-server=http://dXNlcjkwNjUzOjJkOTZneA:base64@31.6.36.127:8538 --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" --user-data-dir="C:\Users\zxc\AppData\Roaming\dolphin_anty\browser_profiles\152030191\data_dir" --restore-last-session --restart (not signed)
O4 - HKCU\..\RunOnce: [Application Restart #6] = C:\Users\zxc\AppData\Roaming\dolphin_anty\browser\197\anty.exe --disable-field-trial-config --down-port=62209 --load-extension="C:\Users\zxc\AppData\Roaming\dolphin_anty/extensions/anty/5" --locale=de --new-extensions --no-sandbox --origin-trial-disabled-features=WebGPU --proxy-bypass-list="\"*anty-api.com; https://dolphin-anty-api.com\"" --proxy-server=http://dXNlcjkwNjUzOjJkOTZneA:base64@179.61.132.36:8538 --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" --user-data-dir="C:\Users\zxc\AppData\Roaming\dolphin_anty\browser_profiles\152030131\data_dir" --restore-last-session --restart (not signed)
O4 - HKCU\..\RunOnce: [Application Restart #7] = C:\Users\zxc\AppData\Roaming\dolphin_anty\browser\197\anty.exe --disable-field-trial-config --down-port=62238 --load-extension="C:\Users\zxc\AppData\Roaming\dolphin_anty/extensions/anty/5" --locale=de --new-extensions --no-sandbox --origin-trial-disabled-features=WebGPU --proxy-bypass-list="\"*anty-api.com; https://dolphin-anty-api.com\"" --proxy-server=http://dXNlcjkwNjUzOjJkOTZneA:base64@154.16.58.159:8538 --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" --user-data-dir="C:\Users\zxc\AppData\Roaming\dolphin_anty\browser_profiles\152030172\data_dir" --restore-last-session --restart (not signed)
O4 - HKCU\..\RunOnce: [Application Restart #8] = C:\Users\zxc\AppData\Roaming\dolphin_anty\browser\197\anty.exe --disable-field-trial-config --down-port=62283 --load-extension="C:\Users\zxc\AppData\Roaming\dolphin_anty/extensions/anty/5" --locale=de --new-extensions --no-sandbox --origin-trial-disabled-features=WebGPU --proxy-bypass-list="\"*anty-api.com; https://dolphin-anty-api.com\"" --proxy-server=http://dXNlcjkwNjUzOjJkOTZneA:base64@154.16.58.17:8538 --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" --user-data-dir="C:\Users\zxc\AppData\Roaming\dolphin_anty\browser_profiles\152032035\data_dir" --restore-last-session --restart (not signed)
O4 - HKCU\..\RunOnce: [Application Restart #9] = C:\Users\zxc\AppData\Roaming\dolphin_anty\browser\197\anty.exe --disable-field-trial-config --down-port=62281 --load-extension="C:\Users\zxc\AppData\Roaming\dolphin_anty/extensions/anty/5" --locale=de --new-extensions --no-sandbox --origin-trial-disabled-features=WebGPU --proxy-bypass-list="\"*anty-api.com; https://dolphin-anty-api.com\"" --proxy-server=http://dXNlcjkwNjUzOjJkOTZneA:base64@154.16.58.53:8538 --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" --user-data-dir="C:\Users\zxc\AppData\Roaming\dolphin_anty\browser_profiles\152030260\data_dir" --restore-last-session --restart (not signed)
O7 - Policy: HKCU\..\Windows\Explorer: [DisableNotificationCenter ] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Features: [TamperProtection] = 4
O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Real-Time Protection: [DisableRealtimeMonitoring] = 1
O27 - RDP: (Port) 3389 TCP opened as inbound - (no service) - (Remote Desktop) - (all applications)