Malware Analysis Report

2024-12-01 02:58

Sample ID 241108-bds28strcn
Target re-yang-win.exe
SHA256 08a04b950c6031066e2e4ad246b25baef1c48c6227a75060e4ca6cbf440a629b
Tags
collection discovery spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

08a04b950c6031066e2e4ad246b25baef1c48c6227a75060e4ca6cbf440a629b

Threat Level: Likely malicious

The file re-yang-win.exe was found to be: Likely malicious.

Malicious Activity Summary

collection discovery spyware stealer

Contacts a large (698) amount of remote hosts

Loads dropped DLL

Reads user/profile data of web browsers

Checks computer location settings

Clipboard Data

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-08 01:02

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-08 01:02

Reported

2024-11-08 01:02

Platform

win7-20241010-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-08 01:02

Reported

2024-11-08 01:05

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe"

Signatures

Contacts a large (698) amount of remote hosts

discovery

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe N/A

Clipboard Data

collection
Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe N/A

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A discord.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A discord.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2400 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2400 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 3664 wrote to memory of 3732 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3664 wrote to memory of 3732 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2400 wrote to memory of 936 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2400 wrote to memory of 936 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 936 wrote to memory of 3568 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 936 wrote to memory of 3568 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2400 wrote to memory of 3212 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2400 wrote to memory of 3212 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 3212 wrote to memory of 1052 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3212 wrote to memory of 1052 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2400 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2400 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 1200 wrote to memory of 1976 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1200 wrote to memory of 1976 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2400 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2400 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 4748 wrote to memory of 3160 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4748 wrote to memory of 3160 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2400 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2400 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 1128 wrote to memory of 4940 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1128 wrote to memory of 4940 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2400 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2400 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 3780 wrote to memory of 4832 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3780 wrote to memory of 4832 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2400 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2400 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2536 wrote to memory of 540 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2536 wrote to memory of 540 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2400 wrote to memory of 4004 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2400 wrote to memory of 4004 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 4004 wrote to memory of 3196 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4004 wrote to memory of 3196 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2400 wrote to memory of 3188 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2400 wrote to memory of 3188 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 3188 wrote to memory of 1288 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3188 wrote to memory of 1288 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2400 wrote to memory of 3944 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2400 wrote to memory of 3944 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 3944 wrote to memory of 3392 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3944 wrote to memory of 3392 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2400 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2400 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 4560 wrote to memory of 452 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4560 wrote to memory of 452 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2400 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2400 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 1812 wrote to memory of 4152 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1812 wrote to memory of 4152 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2400 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2400 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 5060 wrote to memory of 4860 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 5060 wrote to memory of 4860 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2400 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2400 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 768 wrote to memory of 468 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 768 wrote to memory of 468 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2400 wrote to memory of 3504 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2400 wrote to memory of 3504 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 3504 wrote to memory of 4036 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3504 wrote to memory of 4036 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Processes

C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe

"C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 api.proxyscrape.com udp
US 8.8.8.8:53 openproxylist.xyz udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 104.18.10.5:443 api.proxyscrape.com tcp
US 104.18.10.5:443 api.proxyscrape.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 104.18.10.5:443 api.proxyscrape.com tcp
US 104.21.0.95:443 openproxylist.xyz tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 104.21.0.95:443 openproxylist.xyz tcp
US 104.18.10.5:443 api.proxyscrape.com tcp
US 104.21.0.95:443 openproxylist.xyz tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 discord.com udp
US 162.159.137.232:443 discord.com tcp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.12.205:443 api.ipify.org tcp
FR 51.178.47.12:80 tcp
CN 58.209.139.191:8089 tcp
AT 185.196.178.40:4145 tcp
PE 181.65.169.35:999 tcp
BG 213.222.34.200:4145 tcp
ID 117.54.230.2:4153 tcp
LY 165.16.27.42:1981 tcp
BR 189.127.182.242:8080 tcp
US 47.252.20.42:8090 discordapp.com tcp
US 63.151.67.7:8080 tcp
IR 109.122.195.16:80 tcp
CA 67.43.227.226:22553 discordapp.com tcp
TR 78.189.32.215:8080 tcp
RU 91.188.246.128:8085 tcp
RU 78.107.235.8:3146 tcp
TH 8.213.195.191:80 discordapp.com tcp
CA 67.43.228.252:27621 discordapp.com tcp
UA 5.58.25.124:8080 tcp
JP 205.177.85.130:39593 tcp
US 162.159.242.174:80 discordapp.com tcp
EG 41.33.99.139:8080 tcp
ID 103.11.106.200:8181 tcp
US 162.210.197.91:13016 tcp
US 192.163.200.196:59365 tcp
US 8.8.8.8:53 discordapp.com udp
BE 78.20.209.210:443 tcp
TH 119.42.110.113:4145 tcp
CA 184.95.235.194:1080 tcp
UA 194.247.173.17:8080 tcp
DE 62.171.165.74:8975 tcp
US 162.159.242.204:80 tcp
KH 110.74.195.152:1080 tcp
US 67.213.210.118:39639 tcp
US 50.217.29.198:80 tcp
PH 8.220.141.8:89 tcp
GB 213.52.130.61:47595 tcp
IN 103.105.40.21:4145 tcp
HK 8.210.37.63:11 tcp
TR 38.156.72.135:9999 tcp
BD 103.234.27.78:1080 tcp
SG 148.72.214.53:56076 tcp
BR 131.221.182.14:4153 tcp
AR 170.150.154.98:5678 tcp
IR 31.47.58.37:80 tcp
CL 179.61.111.209:999 tcp
MX 189.219.53.209:10000 tcp
TH 202.29.218.138:4153 tcp
DE 23.88.121.205:30058 tcp
US 192.111.130.5:17002 tcp
ID 36.89.10.51:44268 tcp
US 206.220.175.2:4145 tcp
US 162.159.242.174:80 discordapp.com tcp
AT 80.120.130.231:80 tcp
US 162.159.242.174:80 discordapp.com tcp
IR 5.160.237.190:3128 tcp
US 162.159.242.174:80 discordapp.com tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 5.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 95.0.21.104.in-addr.arpa udp
US 8.8.8.8:53 232.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 205.12.26.104.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 174.242.159.162.in-addr.arpa udp
US 162.159.242.174:80 discordapp.com tcp
US 162.159.242.174:80 discordapp.com tcp
US 162.159.242.174:80 discordapp.com tcp
US 162.159.242.174:80 discordapp.com tcp
SG 94.74.80.88:2020 discordapp.com tcp
US 162.159.242.174:80 discordapp.com tcp
US 162.159.242.174:80 discordapp.com tcp
BG 87.247.251.240:3128 tcp
US 162.159.242.174:80 discordapp.com tcp
US 162.159.242.174:80 discordapp.com tcp
US 162.159.242.174:80 discordapp.com tcp
US 8.8.8.8:53 204.242.159.162.in-addr.arpa udp
US 8.8.8.8:53 42.20.252.47.in-addr.arpa udp
US 8.8.8.8:53 226.227.43.67.in-addr.arpa udp
US 8.8.8.8:53 252.228.43.67.in-addr.arpa udp
US 8.8.8.8:53 17.173.247.194.in-addr.arpa udp
US 8.8.8.8:53 37.58.47.31.in-addr.arpa udp
US 8.8.8.8:53 5.130.111.192.in-addr.arpa udp
US 8.8.8.8:53 191.195.213.8.in-addr.arpa udp
US 8.8.8.8:53 231.130.120.80.in-addr.arpa udp
US 8.8.8.8:53 2.175.220.206.in-addr.arpa udp
US 8.8.8.8:53 8.141.220.8.in-addr.arpa udp
US 8.8.8.8:53 88.80.74.94.in-addr.arpa udp
US 8.8.8.8:53 63.37.210.8.in-addr.arpa udp
US 162.159.242.174:80 discordapp.com tcp
US 162.159.242.174:80 discordapp.com tcp
US 162.159.242.174:80 discordapp.com tcp
US 162.159.242.174:80 discordapp.com tcp
PL 46.227.37.49:1088 tcp
US 162.159.242.174:80 discordapp.com tcp
US 162.159.242.174:80 discordapp.com tcp
US 162.159.242.174:80 discordapp.com tcp
US 162.159.242.174:80 discordapp.com tcp
US 162.159.242.174:80 discordapp.com tcp
US 50.200.12.82:80 tcp
TH 8.213.195.191:80 api.ipify.org tcp
NP 103.155.20.61:8082 tcp
US 172.67.53.71:80 tcp
ID 36.66.200.132:8080 tcp
RU 91.188.247.196:8085 tcp
IN 103.41.35.153:58080 tcp
HK 8.210.17.35:8080 discordapp.com tcp
IN 103.75.228.108:6187 discordapp.com tcp
PL 212.127.93.44:8081 tcp
ES 37.32.98.160:29776 tcp
FR 212.83.137.165:28483 tcp
US 165.227.104.122:48500 tcp
US 8.8.8.8:53 71.53.67.172.in-addr.arpa udp
US 8.8.8.8:53 108.228.75.103.in-addr.arpa udp
US 8.8.8.8:53 44.93.127.212.in-addr.arpa udp
US 8.8.8.8:53 35.17.210.8.in-addr.arpa udp
CN 117.160.250.138:80 tcp
US 104.219.42.115:52354 tcp
TH 183.89.13.163:8080 tcp
CL 45.181.123.97:999 tcp
US 45.32.1.78:11788 tcp
HK 8.210.17.35:8080 api.ipify.org tcp
JP 161.34.40.114:3128 tcp
ID 121.101.133.195:8080 tcp
US 47.88.29.108:9999 tcp
CA 184.95.235.194:1080 tcp
AU 47.91.45.235:8009 tcp
US 8.8.8.8:53 194.235.95.184.in-addr.arpa udp
US 8.8.8.8:53 108.29.88.47.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
JP 131.186.37.99:8080 tcp
DE 8.209.96.245:1099 tcp
ID 43.229.252.28:53281 tcp
HK 49.0.253.51:87 discordapp.com tcp
TR 92.44.200.30:1453 tcp
US 50.230.222.202:80 tcp
CA 72.10.160.170:23177 discordapp.com tcp
CA 72.10.160.91:8561 discordapp.com tcp
GB 85.92.178.111:60606 tcp
CO 190.121.153.93:999 tcp
US 98.182.196.231:1080 tcp
UA 91.202.72.105:8080 tcp
FR 147.135.129.229:26527 tcp
SY 82.137.244.59:4145 tcp
AE 47.91.115.179:8080 tcp
US 154.202.98.233:3128 tcp
BE 45.128.133.141:1080 tcp
US 8.8.8.8:53 179.115.91.47.in-addr.arpa udp
US 8.8.8.8:53 51.253.0.49.in-addr.arpa udp
US 207.55.243.85:64403 tcp
CN 114.233.70.184:9000 tcp
TR 185.169.181.25:4145 tcp
UA 176.36.190.253:8080 tcp
VE 190.52.97.25:999 tcp
CO 8.242.179.184:999 tcp
TH 49.49.189.162:8080 tcp
IN 157.245.97.60:80 tcp
KR 222.122.110.26:80 tcp
ID 103.169.254.186:8061 tcp
US 8.8.8.8:53 170.160.10.72.in-addr.arpa udp
SG 8.219.43.134:2020 tcp
DE 47.254.158.115:20201 tcp
TH 8.213.215.187:9098 discordapp.com tcp
US 8.8.8.8:53 134.43.219.8.in-addr.arpa udp
US 8.8.8.8:53 115.158.254.47.in-addr.arpa udp
US 8.8.8.8:53 187.215.213.8.in-addr.arpa udp
ID 103.152.232.194:8080 tcp
CO 177.93.33.92:999 tcp
TH 8.213.195.191:8095 tcp
TH 8.213.215.187:9098 api.ipify.org tcp
ID 103.186.90.18:8080 tcp
CN 61.129.2.212:8080 tcp
NL 217.12.201.56:11337 tcp
US 204.111.233.60:8888 discordapp.com tcp
CA 72.10.160.171:4901 discordapp.com tcp
US 162.216.204.146:1080 tcp
US 162.223.90.130:80 tcp
BR 187.19.200.217:8090 tcp
DE 87.123.56.163:80 tcp
ID 123.231.230.58:39365 tcp
VN 113.161.248.125:1080 tcp
SG 216.137.184.253:80 tcp
DE 213.136.75.65:44072 tcp
HK 112.118.59.97:80 tcp
US 104.19.22.177:80 tcp
CN 223.241.24.90:8080 tcp
SG 128.199.131.156:29717 tcp
US 8.8.8.8:53 130.90.223.162.in-addr.arpa udp
US 8.8.8.8:53 171.160.10.72.in-addr.arpa udp
US 8.8.8.8:53 60.233.111.204.in-addr.arpa udp
US 8.8.8.8:53 177.22.19.104.in-addr.arpa udp
US 172.67.185.169:80 tcp
DE 94.130.54.171:7396 tcp
IN 20.219.177.38:3129 tcp
ID 202.43.191.10:5430 tcp
US 8.8.8.8:53 97.59.118.112.in-addr.arpa udp
US 8.8.8.8:53 169.185.67.172.in-addr.arpa udp
TR 95.9.214.128:1453 tcp
BD 27.147.185.219:8090 tcp
MY 47.250.11.111:102 discordapp.com tcp
US 50.222.245.46:80 tcp
CA 67.43.227.227:15335 tcp
BR 187.111.144.102:8080 tcp
US 184.178.172.14:4145 tcp
US 50.170.90.26:80 tcp
ID 103.176.97.166:8080 tcp
US 8.8.8.8:53 111.11.250.47.in-addr.arpa udp
US 8.8.8.8:53 14.172.178.184.in-addr.arpa udp
FR 51.210.21.189:1080 tcp
CN 223.113.89.138:1080 tcp
DE 173.249.33.122:49382 tcp
AU 47.91.45.198:8058 tcp
FR 163.172.171.22:16379 tcp
CN 114.106.134.117:8089 tcp
ES 195.219.98.27:5678 tcp
US 8.8.8.8:53 91.160.10.72.in-addr.arpa udp
MY 47.250.11.111:102 api.ipify.org tcp
FR 51.68.244.19:58826 tcp
IN 103.125.154.233:8080 tcp
ES 195.219.98.27:5678 tcp
TZ 154.118.228.212:80 tcp
US 50.222.245.42:80 tcp
US 8.8.8.8:53 27.98.219.195.in-addr.arpa udp
TH 110.238.116.82:80 tcp
ID 36.89.180.103:58841 tcp
US 8.8.8.8:53 82.116.238.110.in-addr.arpa udp
GH 41.204.53.17:80 tcp
FR 54.36.122.16:26850 tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 172.93.213.177:80 tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
CN 123.60.109.71:9080 tcp
RS 185.38.111.1:8080 tcp
KZ 93.170.73.47:35497 tcp
US 8.8.8.8:53 1.111.38.185.in-addr.arpa udp
KR 221.167.75.138:5156 tcp
DE 207.180.253.143:49646 tcp
PL 185.32.6.131:8070 tcp
US 173.0.9.3:5586 discordapp.com tcp
KR 183.100.14.134:8000 discordapp.com tcp
ID 103.246.78.21:8080 tcp
US 45.56.76.203:1338 tcp
ID 103.248.9.226:8181 tcp
CN 153.101.67.170:9002 tcp
BG 77.238.66.20:80 tcp
US 155.50.215.37:3128 tcp
FR 185.87.150.236:80 tcp
US 184.105.182.254:3128 tcp
TH 159.192.139.178:8080 tcp
IN 103.155.54.26:83 tcp
US 8.8.8.8:53 3.9.0.173.in-addr.arpa udp
US 8.8.8.8:53 134.14.100.183.in-addr.arpa udp
RU 62.182.204.81:88 discordapp.com tcp
JP 8.209.249.96:8080 tcp
AU 51.161.131.84:41597 tcp
RU 62.182.204.81:88 discordapp.com tcp
GE 80.241.251.54:8080 tcp
RU 62.182.204.81:88 discordapp.com tcp
RU 193.124.181.93:8888 discordapp.com tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 81.204.182.62.in-addr.arpa udp
US 8.8.8.8:53 96.249.209.8.in-addr.arpa udp
RU 62.182.204.81:88 discordapp.com tcp
GB 154.201.34.197:3128 tcp
US 207.2.120.19:80 tcp
US 172.67.182.155:80 tcp
US 64.225.4.17:10007 tcp
BD 103.180.203.1:8085 tcp
RU 176.197.219.74:1080 tcp
CN 218.4.192.62:7302 tcp
US 8.8.8.8:53 93.181.124.193.in-addr.arpa udp
US 8.8.8.8:53 155.182.67.172.in-addr.arpa udp
ID 101.255.118.86:8080 tcp
GB 82.69.16.184:80 tcp
US 47.252.20.42:8088 tcp
ID 103.242.105.238:8080 tcp
KE 196.202.210.73:32650 tcp
US 146.190.114.113:10000 tcp
US 47.252.27.174:6789 discordapp.com tcp
TH 110.238.116.82:1234 tcp
US 176.113.73.104:3128 tcp
US 8.8.8.8:53 174.27.252.47.in-addr.arpa udp
ID 103.99.27.78:8085 tcp
TH 1.179.148.9:55636 tcp
TH 110.238.113.119:10101 tcp
CY 45.8.105.16:80 tcp
UA 134.249.185.223:41890 tcp
ID 103.155.246.180:8081 tcp
PL 193.59.26.186:4153 tcp
KR 175.208.59.76:8080 discordapp.com tcp
KR 175.208.59.76:8080 discordapp.com tcp
US 8.8.8.8:53 76.59.208.175.in-addr.arpa udp
ID 103.163.175.28:8080 tcp
KR 175.208.59.76:8080 discordapp.com tcp
IN 43.249.224.172:83 tcp
KR 175.208.59.76:8080 discordapp.com tcp
US 8.8.8.8:53 226.9.248.103.in-addr.arpa udp
DE 88.99.249.96:8177 tcp
US 50.170.90.25:80 tcp
US 72.195.34.60:27391 tcp
CL 200.54.194.13:53281 tcp
GT 181.209.253.168:35010 tcp
US 8.8.8.8:53 60.34.195.72.in-addr.arpa udp
UZ 87.237.234.187:3128 tcp
US 104.248.59.38:80 tcp
JP 47.245.34.161:8080 discordapp.com tcp
IN 20.198.96.26:80 tcp
SG 8.219.169.172:8053 tcp
GB 102.165.56.87:8080 tcp
DE 138.201.21.218:46367 tcp
FR 81.250.223.126:80 tcp
SG 68.178.161.107:80 tcp
SG 109.123.233.239:3128 tcp
US 8.8.8.8:53 172.169.219.8.in-addr.arpa udp
US 8.8.8.8:53 161.34.245.47.in-addr.arpa udp
ID 202.179.184.35:5430 discordapp.com tcp
ID 103.121.199.142:8080 tcp
US 167.71.100.140:4065 tcp
KR 121.147.3.119:56452 tcp
FR 45.155.169.229:8009 tcp
IR 31.47.37.118:8080 tcp
BR 45.237.75.6:8080 tcp
IN 122.175.58.131:80 tcp
US 8.8.8.8:53 35.184.179.202.in-addr.arpa udp
US 8.8.8.8:53 229.169.155.45.in-addr.arpa udp
IN 20.219.177.38:3129 tcp
BR 191.253.106.140:8080 tcp
ID 103.160.57.61:10101 tcp
RU 85.172.0.30:8080 tcp
HK 101.36.120.133:30010 tcp
PL 46.227.39.1:1088 tcp
HK 49.0.253.51:87 tcp
FR 212.47.232.161:16379 discordapp.com tcp
FR 51.159.24.172:3166 tcp
RU 87.249.214.52:8080 tcp
US 8.8.8.8:53 161.232.47.212.in-addr.arpa udp
VN 203.205.35.201:4145 tcp
PL 157.25.92.74:3128 tcp
FR 92.205.25.148:1090 tcp
UG 102.223.88.10:8080 tcp
BD 182.252.66.206:9990 tcp
UA 176.98.22.224:8181 tcp
VN 115.72.89.145:1080 tcp
KR 8.213.128.6:443 tcp
BD 119.148.40.186:9990 tcp
DE 116.202.232.57:10415 tcp
US 198.23.239.224:6630 discordapp.com tcp
TR 212.253.80.174:1453 tcp
ID 103.51.47.9:4145 tcp
SG 128.199.109.115:14505 tcp
US 8.8.8.8:53 224.239.23.198.in-addr.arpa udp
RU 178.65.171.6:8080 tcp
IR 217.218.234.221:4153 tcp
US 142.111.1.21:5053 tcp
BR 187.102.16.66:51327 tcp
DE 79.137.203.245:1080 tcp
CO 38.56.23.193:999 tcp
US 8.8.8.8:53 6.128.213.8.in-addr.arpa udp
US 8.8.8.8:53 115.109.199.128.in-addr.arpa udp
US 8.8.8.8:53 21.1.111.142.in-addr.arpa udp
HU 81.183.253.34:4145 tcp
BR 186.194.234.18:4153 tcp
US 155.50.209.50:3128 tcp
FR 51.68.230.210:62164 tcp
CN 39.175.92.35:30001 tcp
US 66.29.128.241:12795 tcp
SG 34.87.103.220:80 tcp
RU 178.49.234.94:5678 tcp
US 8.8.8.8:53 210.230.68.51.in-addr.arpa udp
US 47.252.27.174:20000 discordapp.com tcp
IR 185.173.130.148:3128 tcp
SA 129.208.117.105:8080 tcp
US 192.111.135.18:18301 discordapp.com tcp
MX 45.174.87.18:999 tcp
GB 156.253.170.204:3128 discordapp.com tcp
US 104.200.152.30:4145 tcp
JP 13.208.56.180:80 discordapp.com tcp
US 47.251.73.54:8443 tcp
US 8.8.8.8:53 18.135.111.192.in-addr.arpa udp
US 8.8.8.8:53 204.170.253.156.in-addr.arpa udp
BG 87.126.65.11:1388 tcp
IN 103.206.225.133:4145 tcp
CU 190.15.158.183:9090 tcp
US 134.122.5.111:42404 tcp
SG 128.199.109.115:14505 tcp
US 8.8.8.8:53 54.73.251.47.in-addr.arpa udp
US 8.8.8.8:53 180.56.208.13.in-addr.arpa udp
US 8.8.8.8:53 30.152.200.104.in-addr.arpa udp
ML 197.155.158.22:80 tcp
ID 101.255.117.242:3125 tcp
IN 123.253.124.28:5678 tcp
TH 171.100.155.93:8080 tcp
ID 36.64.132.91:3127 tcp
US 50.168.72.122:80 tcp
CY 213.149.182.98:8080 tcp
US 104.21.80.83:80 tcp
US 208.65.90.21:4145 tcp
MD 89.28.48.254:5678 tcp
VE 190.94.212.149:999 tcp
US 176.113.73.99:3128 tcp
BG 151.237.6.139:60606 tcp
RU 91.213.249.200:80 tcp
US 8.8.8.8:53 83.80.21.104.in-addr.arpa udp
US 8.8.8.8:53 21.90.65.208.in-addr.arpa udp
US 8.8.8.8:53 122.72.168.50.in-addr.arpa udp
US 52.9.37.116:80 tcp
US 68.183.29.98:64684 tcp
BR 189.52.87.19:8080 tcp
ID 36.93.157.49:5678 tcp
ID 8.215.15.163:8022 tcp
US 65.49.67.161:48324 tcp
ZA 197.245.83.20:5678 tcp
IR 185.172.212.233:8080 tcp
CA 72.10.160.90:20317 tcp
US 8.8.8.8:53 163.15.215.8.in-addr.arpa udp
TR 185.169.183.9:8080 tcp
CA 67.43.236.20:28473 tcp
RU 82.146.37.145:80 discordapp.com tcp
FR 51.68.230.210:62164 tcp
GB 154.201.34.252:3128 tcp
UA 194.247.173.17:8080 tcp
CN 114.218.165.63:8089 tcp
CN 47.92.248.197:8001 tcp
FR 31.207.38.66:80 discordapp.com tcp
ID 139.255.94.122:57853 tcp
KR 110.12.211.140:80 tcp
US 8.8.8.8:53 66.38.207.31.in-addr.arpa udp
BG 80.78.237.2:55443 tcp
FR 141.95.241.100:80 tcp
CN 47.122.62.83:9098 tcp
FI 95.216.164.36:80 tcp
RU 154.205.128.153:8888 tcp
TR 92.45.19.35:5678 tcp
DE 51.89.21.99:37982 tcp
US 8.8.8.8:53 145.37.146.82.in-addr.arpa udp
US 8.8.8.8:53 140.211.12.110.in-addr.arpa udp
US 8.8.8.8:53 36.164.216.95.in-addr.arpa udp
US 8.8.8.8:53 153.128.205.154.in-addr.arpa udp
US 50.207.253.118:80 tcp
US 50.207.199.80:80 tcp
US 47.253.214.60:1604 discordapp.com tcp
US 162.241.115.85:58045 tcp
KR 1.224.3.122:3888 tcp
US 8.8.8.8:53 60.214.253.47.in-addr.arpa udp
US 8.8.8.8:53 80.199.207.50.in-addr.arpa udp
SE 77.221.139.76:8000 tcp
US 107.178.9.186:8080 tcp
ZA 105.214.55.211:5678 tcp
US 3.90.100.12:80 tcp
ID 38.9.141.28:80 tcp
SE 176.74.192.44:24822 tcp
RO 188.215.245.235:80 tcp
US 8.8.8.8:53 12.100.90.3.in-addr.arpa udp
CO 8.242.85.3:999 tcp
SG 208.109.15.133:17556 tcp
VN 210.57.31.0:24 tcp
DO 190.113.40.41:999 tcp
NP 110.44.124.220:55443 tcp
RU 176.62.188.158:3629 tcp
US 8.8.8.8:53 235.245.215.188.in-addr.arpa udp
IN 47.247.78.128:80 tcp
ES 91.142.223.245:62474 tcp
DE 8.211.51.115:9080 discordapp.com tcp
US 50.207.199.83:80 discordapp.com tcp
CL 216.155.89.66:999 tcp
KH 202.8.74.14:8080 tcp
NL 147.75.34.103:9443 discordapp.com tcp
HK 43.129.210.41:10809 tcp
EC 177.234.210.7:999 tcp
US 8.8.8.8:53 115.51.211.8.in-addr.arpa udp
US 8.8.8.8:53 83.199.207.50.in-addr.arpa udp
US 8.8.8.8:53 103.34.75.147.in-addr.arpa udp
US 71.14.23.121:8080 tcp
DE 89.145.162.81:1080 tcp
US 198.46.161.237:5287 tcp
ID 103.157.117.8:8080 tcp
IN 103.242.119.88:80 tcp
TR 213.74.223.75:4153 discordapp.com tcp
GT 190.61.97.229:999 tcp
JP 185.160.26.114:80 tcp
NA 196.20.12.5:8080 tcp
CN 117.160.250.138:8899 tcp
IN 142.93.208.14:80 discordapp.com tcp
US 8.8.8.8:53 81.162.145.89.in-addr.arpa udp
US 8.8.8.8:53 237.161.46.198.in-addr.arpa udp
US 8.8.8.8:53 75.223.74.213.in-addr.arpa udp
CO 131.196.212.172:80 tcp
GB 18.135.133.116:80 tcp
US 50.168.210.238:80 tcp
US 156.228.118.11:3128 tcp
US 47.88.11.3:8123 tcp
ES 81.43.68.47:8080 tcp
US 8.8.8.8:53 14.208.93.142.in-addr.arpa udp
US 8.8.8.8:53 116.133.135.18.in-addr.arpa udp
US 8.8.8.8:53 3.11.88.47.in-addr.arpa udp
US 8.8.8.8:53 11.118.228.156.in-addr.arpa udp
DE 8.211.51.115:9080 api.ipify.org tcp
ID 147.139.213.199:8080 tcp
RU 185.189.102.178:4153 tcp
IT 185.241.238.17:8080 tcp
BR 45.71.169.145:80 tcp
CN 182.204.181.134:8089 tcp
CN 101.231.64.89:8443 tcp
US 8.42.68.109:39593 tcp
TR 188.132.222.165:8080 tcp
CN 223.113.89.138:1080 tcp
NZ 180.189.196.167:8080 tcp
EG 154.236.177.100:1977 tcp
US 50.228.141.96:80 tcp
BD 103.141.70.18:8080 tcp
JP 132.226.7.23:30277 discordapp.com tcp
DE 167.172.109.12:40825 tcp
AT 194.182.187.78:3128 tcp
IN 103.122.84.108:5678 tcp
ID 103.135.225.195:3128 tcp
SG 8.219.167.110:5000 discordapp.com tcp
US 8.8.8.8:53 23.7.226.132.in-addr.arpa udp
BR 177.73.186.12:8080 tcp
CA 72.10.160.170:2657 tcp
US 8.8.8.8:53 110.167.219.8.in-addr.arpa udp
US 154.83.8.167:3128 tcp
FI 95.217.122.41:29288 tcp
US 132.148.245.112:13082 tcp
CO 181.57.131.122:8080 tcp
NL 134.122.55.214:1414 tcp
HK 47.243.242.70:10 tcp
BD 45.251.57.49:4153 tcp
BR 200.229.224.221:8080 tcp
IQ 45.81.144.23:8080 tcp
KR 112.221.46.117:4153 tcp
ID 202.3.219.29:1001 tcp
SG 94.74.80.88:9992 tcp
US 192.210.132.197:6167 tcp
US 8.8.8.8:53 70.242.243.47.in-addr.arpa udp
US 8.8.8.8:53 17.238.241.185.in-addr.arpa udp
US 8.8.8.8:53 197.132.210.192.in-addr.arpa udp
US 8.8.8.8:53 29.219.3.202.in-addr.arpa udp
BG 194.182.178.90:3128 tcp
CN 122.224.65.197:3128 tcp
IQ 5.8.240.90:4153 tcp
DE 78.47.138.199:4000 tcp
IN 20.219.183.188:3129 tcp
CN 120.35.200.44:8089 tcp
EG 45.240.156.188:1981 tcp
US 67.213.210.62:35833 tcp
SG 188.166.197.129:3128 discordapp.com tcp
US 64.225.8.179:10003 tcp
VN 27.77.148.85:10004 tcp
BD 119.18.149.34:8080 tcp
US 8.8.8.8:53 129.197.166.188.in-addr.arpa udp
VE 190.121.239.194:999 tcp
GB 107.181.148.217:6077 discordapp.com tcp
IN 43.224.10.19:6666 tcp
CA 72.10.160.91:5167 tcp
US 209.145.60.213:80 tcp
US 72.37.216.68:4145 discordapp.com tcp
IN 47.247.78.134:80 tcp
TR 185.208.101.89:8080 tcp
CO 181.48.217.158:5678 tcp
US 8.8.8.8:53 68.216.37.72.in-addr.arpa udp
US 8.8.8.8:53 217.148.181.107.in-addr.arpa udp
BR 187.94.211.15:8080 tcp
CO 186.155.230.114:999 tcp
ID 103.122.1.69:8181 tcp
KR 8.220.204.215:8081 discordapp.com tcp
US 8.8.8.8:53 215.204.220.8.in-addr.arpa udp
TH 110.238.116.82:8015 tcp
IN 103.41.90.49:83 tcp
RU 45.11.95.165:6012 tcp
ES 141.105.107.34:5678 tcp
EC 45.4.203.115:999 tcp
RU 195.46.124.94:4444 tcp
BR 187.0.163.71:80 tcp
US 67.205.60.167:17360 tcp
CN 223.215.176.120:8089 tcp
PE 190.232.196.205:5678 tcp
FR 195.14.22.173:80 tcp
CO 207.230.8.3:999 tcp
IN 20.219.180.149:3129 tcp
SG 156.67.214.232:80 tcp
TH 61.7.146.7:80 tcp
BD 103.106.201.70:1088 tcp
US 50.206.25.104:80 tcp
AL 77.242.16.30:8080 tcp
IN 103.69.20.36:58080 tcp
BR 170.238.90.14:80 tcp
VN 118.69.123.180:80 discordapp.com tcp
IQ 176.241.82.149:5678 tcp
CL 186.103.130.91:8080 tcp
ID 103.53.79.115:8080 tcp
US 158.51.201.233:8080 tcp
KE 102.0.2.104:8080 tcp
US 8.8.8.8:53 180.123.69.118.in-addr.arpa udp
US 21.139.73.195:8080 tcp
BG 213.191.194.24:80 tcp
US 50.207.199.86:80 tcp
CA 67.43.228.254:8095 tcp
ID 117.102.81.3:53281 tcp
US 8.8.8.8:53 86.199.207.50.in-addr.arpa udp
RU 178.207.11.148:3129 tcp
SG 97.74.87.226:80 tcp
US 64.225.4.17:10003 tcp
BR 45.227.195.121:8082 tcp
MN 202.21.115.202:4153 tcp
CN 114.106.134.117:8089 tcp
US 154.202.115.137:3128 tcp
IR 185.134.99.62:4153 tcp
AU 60.242.169.1:80 discordapp.com tcp
US 8.8.8.8:53 226.87.74.97.in-addr.arpa udp
US 52.73.224.54:3128 tcp
IR 185.171.52.101:4153 tcp
DE 141.147.9.254:80 tcp
US 8.8.8.8:53 54.224.73.52.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
FR 194.250.197.206:80 tcp
US 47.253.105.175:1234 tcp
AU 60.242.169.1:80 discordapp.com tcp
BD 103.129.115.241:8080 tcp
US 8.8.8.8:53 1.169.242.60.in-addr.arpa udp
US 8.8.8.8:53 175.105.253.47.in-addr.arpa udp
AU 60.242.169.1:80 discordapp.com tcp
AL 37.26.86.206:47464 discordapp.com tcp
FR 109.238.11.197:41162 tcp
CN 61.183.234.226:9091 tcp
AU 60.242.169.1:80 tcp
TH 49.48.104.190:8080 tcp
CA 72.10.164.178:9547 tcp
US 47.252.20.42:1111 tcp
RU 94.19.0.131:80 tcp
US 8.8.8.8:53 131.0.19.94.in-addr.arpa udp
US 45.33.11.133:80 discordapp.com tcp
CN 115.159.48.235:55480 tcp
CN 182.106.220.252:9091 tcp
IN 27.116.51.115:8080 tcp
US 199.58.184.97:4145 discordapp.com tcp
RU 31.163.204.156:8080 tcp
US 8.8.8.8:53 133.11.33.45.in-addr.arpa udp
US 8.8.8.8:53 206.86.26.37.in-addr.arpa udp
US 50.222.245.43:80 tcp
US 8.8.8.8:53 97.184.58.199.in-addr.arpa udp
DE 62.143.94.238:8080 tcp
US 50.192.195.69:39792 tcp
US 66.235.200.8:80 tcp
CN 47.95.10.74:8888 tcp
ID 117.54.114.96:80 tcp
US 8.8.8.8:53 8.200.235.66.in-addr.arpa udp
US 50.204.219.231:80 tcp
IN 103.102.144.244:5678 tcp
US 98.162.25.23:4145 tcp
CN 123.60.109.71:30001 tcp
NL 212.32.242.111:3128 tcp
ID 103.167.171.150:8181 tcp
US 204.236.176.61:3128 tcp
EC 45.171.108.253:999 tcp
CA 67.43.227.227:6939 tcp
RU 46.191.237.90:1080 tcp
TR 188.132.221.22:8080 tcp
RU 62.33.207.202:3128 tcp
US 172.108.208.74:80 tcp
US 8.8.8.8:53 61.176.236.204.in-addr.arpa udp
JP 132.226.7.23:30277 tcp
CO 177.93.45.154:999 tcp
BD 182.252.66.205:9990 tcp
GB 8.211.194.85:8443 tcp
RU 94.181.33.149:40840 tcp
EG 41.65.236.53:1981 tcp
US 8.8.8.8:53 85.194.211.8.in-addr.arpa udp
RU 176.119.159.98:3128 tcp
FR 163.172.171.22:16379 tcp
TR 85.105.147.63:1453 tcp
US 172.67.181.2:80 discordapp.com tcp
US 172.67.181.2:80 discordapp.com tcp
US 172.67.181.2:80 discordapp.com tcp
US 172.67.181.2:80 discordapp.com tcp
US 172.67.181.2:80 discordapp.com tcp
CO 200.10.30.77:8083 tcp
US 172.67.181.2:80 discordapp.com tcp
US 8.8.8.8:53 2.181.67.172.in-addr.arpa udp
US 172.67.181.2:80 discordapp.com tcp
IN 216.10.249.154:80 discordapp.com tcp
AR 200.70.19.94:4153 tcp
ID 103.79.155.2:8080 tcp
ES 185.161.186.82:54321 tcp
FI 95.217.122.41:54339 tcp
PK 210.56.2.106:8080 tcp
ID 103.184.67.37:1080 tcp
BR 45.184.183.240:4145 tcp
US 8.8.8.8:53 154.249.10.216.in-addr.arpa udp
IN 202.12.80.7:84 tcp
GE 185.139.56.133:6961 tcp
ES 185.161.186.82:54321 tcp
KE 41.215.85.74:8080 tcp
ID 103.80.77.1:443 tcp
US 195.123.241.97:1245 tcp
US 8.8.8.8:53 82.186.161.185.in-addr.arpa udp
DE 78.47.122.82:40088 tcp
US 172.67.181.2:80 discordapp.com tcp
HR 212.92.204.54:80 tcp
US 172.67.181.2:80 discordapp.com tcp
CN 124.71.157.181:808 tcp
US 172.67.181.2:80 discordapp.com tcp
US 172.67.181.2:80 discordapp.com tcp
US 47.252.1.180:8083 tcp
FR 178.32.112.229:60289 tcp
US 8.8.8.8:53 180.1.252.47.in-addr.arpa udp
DE 95.111.226.235:3128 tcp
IR 46.32.25.18:7070 tcp
US 172.67.181.2:80 discordapp.com tcp
US 172.67.181.2:80 discordapp.com tcp
DE 47.91.95.174:8002 discordapp.com tcp
ID 101.255.150.94:80 tcp
CN 113.195.207.249:9091 tcp
US 172.67.181.2:80 discordapp.com tcp
ID 202.159.121.225:443 tcp
US 50.207.199.81:80 tcp
US 172.67.181.2:80 discordapp.com tcp
US 172.67.181.2:80 discordapp.com tcp
US 172.67.181.2:80 discordapp.com tcp
ID 103.239.165.29:5678 tcp
AE 31.59.27.71:6648 discordapp.com tcp
SG 128.199.104.190:41354 tcp
RU 95.64.144.66:1080 tcp
US 8.8.8.8:53 174.95.91.47.in-addr.arpa udp
US 8.8.8.8:53 81.199.207.50.in-addr.arpa udp
US 8.8.8.8:53 71.27.59.31.in-addr.arpa udp
US 181.215.47.60:3389 tcp
CL 201.238.248.139:9229 tcp
TR 195.174.248.40:8080 tcp
CN 112.2.34.103:10800 tcp
AR 181.166.55.183:8081 tcp
US 172.67.181.2:80 discordapp.com tcp
US 172.67.181.2:80 discordapp.com tcp
ES 185.66.59.251:42647 tcp
US 172.67.181.2:80 discordapp.com tcp
US 172.67.181.2:80 discordapp.com tcp
US 172.67.181.2:80 discordapp.com tcp
AR 190.104.213.175:1080 tcp
IN 103.76.253.66:3129 tcp
US 162.159.251.182:80 tcp
NL 167.71.5.83:3128 tcp
US 8.8.8.8:53 182.251.159.162.in-addr.arpa udp
US 154.16.116.166:57444 tcp
BD 103.127.1.130:80 tcp
US 8.8.8.8:53 130.1.127.103.in-addr.arpa udp
TH 1.0.170.50:80 tcp
ID 36.92.60.234:8080 tcp
CZ 85.163.87.4:60606 tcp
US 154.202.96.193:3128 tcp
BD 115.127.105.75:5020 tcp
HK 8.217.183.117:15673 tcp
US 45.61.125.118:6129 discordapp.com tcp
US 198.12.251.108:4175 tcp
CA 67.43.236.20:28473 tcp
EG 41.65.236.48:1981 tcp
US 44.219.175.186:80 discordapp.com tcp
NL 193.38.244.17:3128 discordapp.com tcp
US 8.8.8.8:53 118.125.61.45.in-addr.arpa udp
US 8.8.8.8:53 4.87.163.85.in-addr.arpa udp
US 45.55.41.15:10743 tcp
TH 125.27.253.117:8080 tcp
US 8.8.8.8:53 17.244.38.193.in-addr.arpa udp
US 8.8.8.8:53 186.175.219.44.in-addr.arpa udp
US 8.8.8.8:53 15.41.55.45.in-addr.arpa udp
AR 200.34.215.1:4153 tcp
BD 180.94.28.114:6969 tcp
UA 91.225.48.111:8888 tcp
AR 143.202.97.171:999 tcp
SG 8.219.43.134:9091 tcp
HK 8.218.60.8:15673 tcp
US 50.235.117.234:39593 tcp
EG 41.65.251.86:1981 tcp
CO 177.93.59.54:999 tcp
IN 139.5.31.222:8080 tcp
CN 106.86.152.136:7891 tcp
US 50.207.199.81:80 tcp
US 162.0.220.214:64078 tcp
SG 15.235.141.35:51921 tcp
US 198.23.147.18:5033 tcp
DE 82.165.105.48:80 tcp
US 8.8.8.8:53 18.147.23.198.in-addr.arpa udp
ID 36.92.87.73:5678 tcp
DO 204.157.240.53:999 tcp
ID 103.109.154.54:80 tcp
DE 47.254.158.115:8080 tcp
FR 161.123.130.74:5745 tcp
GB 37.120.133.137:3128 tcp
US 8.8.8.8:53 74.130.123.161.in-addr.arpa udp
TH 1.179.147.5:52210 tcp
CN 123.60.139.197:1337 tcp
DE 95.111.226.235:3128 tcp
ID 103.53.76.82:8080 tcp
TR 188.132.222.24:8080 tcp
CL 45.181.123.97:999 tcp
BR 138.122.74.55:57775 tcp
US 64.64.118.3:6586 discordapp.com tcp
NP 182.93.69.74:5678 tcp
BR 200.179.72.132:80 tcp
PH 124.105.79.237:8080 tcp
US 8.8.8.8:53 3.118.64.64.in-addr.arpa udp
ID 182.16.175.164:5678 tcp
US 107.1.93.214:80 tcp
HK 154.223.182.139:3128 tcp
IR 81.12.119.171:8080 tcp
SG 8.219.43.134:55553 tcp
NP 103.153.232.41:8080 tcp
GB 92.207.253.226:38157 discordapp.com tcp
EC 181.188.203.203:999 tcp
BD 103.114.96.93:1080 tcp
IT 45.141.80.151:5877 discordapp.com tcp
DE 136.243.151.123:8080 tcp
US 8.8.8.8:53 151.80.141.45.in-addr.arpa udp
VN 14.188.109.105:8080 tcp
GB 154.201.34.246:3128 tcp
US 198.12.253.239:20612 tcp
BR 170.238.90.14:80 tcp
BR 187.32.20.249:5678 tcp
DE 144.76.96.180:5566 tcp
US 207.244.229.34:9710 tcp
AT 185.196.176.77:4145 tcp
US 50.174.7.152:80 tcp
RS 91.150.77.57:56921 tcp
US 8.8.8.8:53 152.7.174.50.in-addr.arpa udp
ID 8.215.15.163:8022 tcp
NL 167.99.39.82:29529 tcp
ID 103.175.224.93:4444 tcp
SG 194.31.53.250:80 discordapp.com tcp
GH 41.204.53.27:80 tcp
AM 185.215.53.193:3629 tcp
BG 213.226.11.149:41878 tcp
ID 36.90.119.63:8080 tcp
AU 47.74.64.65:7777 tcp
CA 67.43.236.20:8973 tcp
US 47.88.11.3:8989 discordapp.com tcp
PH 119.93.148.191:8080 tcp
US 8.8.8.8:53 250.53.31.194.in-addr.arpa udp
CO 209.14.119.198:999 tcp
KH 119.82.252.25:42914 tcp
AR 181.209.111.147:999 tcp
CA 72.10.164.178:6639 tcp
CL 45.230.51.4:999 tcp
CN 39.165.0.137:9002 tcp
CN 113.195.207.249:9091 tcp
VE 200.109.66.90:4153 tcp
IN 139.59.1.14:3128 tcp
GB 212.110.188.193:34409 discordapp.com tcp
US 50.168.72.114:80 tcp
ID 118.137.103.85:8080 tcp
NL 46.175.147.169:3128 tcp
CA 184.95.235.194:1080 tcp
ID 36.94.12.210:4145 tcp
US 142.11.232.45:80 tcp
RU 185.251.91.19:8080 tcp
US 8.8.8.8:53 14.1.59.139.in-addr.arpa udp
US 8.8.8.8:53 114.72.168.50.in-addr.arpa udp
LV 85.115.112.178:80 tcp
SA 51.223.90.205:8080 tcp
UA 46.98.196.243:5678 tcp
TW 211.78.63.115:80 tcp
US 50.206.25.108:80 tcp
AT 178.189.89.193:11579 tcp
US 135.148.9.18:25055 tcp
PL 185.32.4.110:4153 tcp
FR 51.38.238.99:3128 tcp
SG 94.74.80.88:77 discordapp.com tcp
CH 84.39.112.144:3128 tcp
US 167.71.250.32:53661 tcp
GB 212.110.188.204:34411 tcp
SG 194.233.78.142:42258 tcp
US 8.8.8.8:53 144.112.39.84.in-addr.arpa udp
US 50.218.57.67:80 tcp
CI 213.136.101.37:3128 tcp
VE 190.94.213.6:999 tcp
JP 8.221.141.88:80 tcp
US 141.148.63.29:80 discordapp.com tcp
US 143.198.237.236:9050 tcp
US 8.8.8.8:53 29.63.148.141.in-addr.arpa udp
JP 220.152.114.161:34432 tcp
US 141.148.63.29:80 kmafiles.com tcp
EG 41.65.236.43:1976 tcp
US 141.148.63.29:80 kmafiles.com tcp
CH 84.39.112.144:3128 discordapp.com tcp
US 141.148.63.29:80 kmafiles.com tcp
CZ 213.151.79.84:8080 tcp
BR 177.200.82.190:5678 tcp
CH 84.39.112.144:3128 discordapp.com tcp
US 141.148.63.29:80 kmafiles.com tcp
TW 114.32.176.158:4145 tcp
VE 143.255.85.180:999 tcp
US 137.184.236.15:3128 tcp
US 8.8.8.8:53 88.141.221.8.in-addr.arpa udp
US 8.8.8.8:53 226.253.207.92.in-addr.arpa udp
US 141.148.63.29:80 kmafiles.com tcp
US 104.143.248.63:6673 discordapp.com tcp
ID 103.23.100.1:4145 tcp
US 141.148.63.29:80 kmafiles.com tcp
AL 91.187.113.50:8080 tcp
US 141.148.63.29:80 kmafiles.com tcp
AR 190.122.88.118:8080 tcp
US 74.208.177.198:80 tcp
US 141.148.63.29:80 kmafiles.com tcp
US 216.215.126.106:48324 tcp
US 8.8.8.8:53 63.248.143.104.in-addr.arpa udp
US 141.148.63.29:80 kmafiles.com tcp
US 141.148.63.29:80 kmafiles.com tcp
US 141.148.63.29:80 kmafiles.com tcp
IN 103.248.30.14:8080 tcp
US 141.148.63.29:80 kmafiles.com tcp
TR 213.14.31.123:35314 tcp
US 8.8.8.8:53 193.188.110.212.in-addr.arpa udp
US 141.148.63.29:80 kmafiles.com tcp
ID 103.247.21.225:3128 tcp
BD 115.127.138.18:1080 tcp
US 141.148.63.29:80 kmafiles.com tcp
US 141.148.63.29:80 kmafiles.com tcp
US 107.178.11.226:8080 tcp
HK 152.104.71.103:8081 tcp
US 141.148.63.29:80 kmafiles.com tcp
US 141.148.63.29:80 kmafiles.com tcp
US 141.148.63.29:80 kmafiles.com tcp
CM 102.244.120.10:45413 discordapp.com tcp
US 47.251.43.115:33333 discordapp.com tcp
US 141.148.63.29:80 kmafiles.com tcp
TH 183.89.139.38:4153 tcp
US 141.148.63.29:80 kmafiles.com tcp
ID 103.138.40.202:8080 tcp
US 8.8.8.8:53 115.43.251.47.in-addr.arpa udp
US 141.148.63.29:80 kmafiles.com tcp
MY 175.140.159.244:3128 tcp
CA 104.207.32.88:3128 tcp
FR 194.250.197.206:80 tcp
JP 8.209.255.13:3128 tcp
JP 20.27.86.185:8080 tcp
ID 103.153.63.136:3125 tcp
SG 128.199.202.122:3128 discordapp.com tcp
PE 164.163.185.199:80 tcp
US 8.8.8.8:53 88.32.207.104.in-addr.arpa udp
US 198.37.103.71:62220 tcp
US 173.82.208.231:20407 tcp
CN 47.121.183.107:8443 tcp
SG 128.199.202.122:3128 188.40.59.208 tcp
CO 190.90.22.106:999 tcp
SG 128.199.202.122:3128 188.40.59.208 tcp
US 47.251.43.115:33333 discordapp.com tcp
US 8.8.8.8:53 122.202.199.128.in-addr.arpa udp
US 8.8.8.8:53 13.255.209.8.in-addr.arpa udp
SG 128.199.202.122:3128 188.40.59.208 tcp
SG 128.199.202.122:3128 188.40.59.208 tcp
CO 181.78.23.170:4153 tcp
SG 128.199.202.122:3128 188.40.59.208 tcp
ID 103.188.174.2:5678 tcp
US 8.8.8.8:53 10.120.244.102.in-addr.arpa udp
IR 185.171.54.29:4153 tcp
US 104.143.250.221:5853 tcp
SG 128.199.202.122:3128 188.40.59.208 tcp
BR 191.240.153.165:8080 tcp
SG 128.199.202.122:3128 188.40.59.208 tcp
AT 185.236.202.170:3128 tcp
US 8.8.8.8:53 221.250.143.104.in-addr.arpa udp
RU 212.33.248.45:1080 tcp
RU 94.103.92.163:3128 tcp
SG 128.199.202.122:3128 188.40.59.208 tcp
SG 128.199.202.122:3128 188.40.59.208 tcp
TR 91.151.88.220:6618 tcp
EG 195.246.54.31:8080 tcp
ID 41.216.186.183:8181 tcp
TH 1.10.133.134:4145 tcp
SG 128.199.202.122:3128 188.40.59.208 tcp
GB 144.48.81.145:8080 tcp
SG 128.199.202.122:3128 188.40.59.208 tcp
EG 41.65.236.37:1976 tcp
CO 181.129.183.19:53281 tcp
SG 128.199.202.122:3128 tcp
GB 149.102.133.9:80 tcp

Files

C:\Users\Admin\AppData\Local\Temp\pkg-FLlkzU\5c9a74674baa49a8cc3965a2d84a4f89cd4ea1a459a9b493fc02a581c95bf3a8

MD5 04bfbfec8db966420fe4c7b85ebb506a
SHA1 939bb742a354a92e1dcd3661a62d69e48030a335
SHA256 da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd
SHA512 4ea97a9a120ed5bee8638e0a69561c2159fc3769062d7102167b0e92b4f1a5c002a761bd104282425f6cee8d0e39dbe7e12ad4e4a38570c3f90f31b65072dd65

C:\Users\Admin\AppData\Local\Temp\pkg-FLlkzU\b9a7b76665d92af2d90cc6a15ffdc1a79635559cbc1c40bd1f83c4c4449cd442

MD5 66a65322c9d362a23cf3d3f7735d5430
SHA1 ed59f3e4b0b16b759b866ef7293d26a1512b952e
SHA256 f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c
SHA512 0a44d12852fc4c74658a49f886c4bc7c715c48a7cb5a3dcf40c9f1d305ca991dd2c2cb3d0b5fd070b307a8f331938c5213188cbb2d27d47737cc1c4f34a1ea21

memory/3732-135-0x00007FF81D913000-0x00007FF81D915000-memory.dmp

memory/3732-136-0x00000199344F0000-0x0000019934512000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yz1c3eub.jza.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3732-146-0x00007FF81D910000-0x00007FF81E3D1000-memory.dmp

memory/3732-147-0x00007FF81D910000-0x00007FF81E3D1000-memory.dmp

memory/3732-151-0x00007FF81D910000-0x00007FF81E3D1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 8740e7db6a0d290c198447b1f16d5281
SHA1 ab54460bb918f4af8a651317c8b53a8f6bfb70cd
SHA256 f45b0efc0833020dfeeaad0adc8ed10b0f85e0bc491baf9e1a4da089636bccf5
SHA512 d91fe9666c4923c8e90e5a785db96e5613b8cb3bf28983296a2f381ccdcd73d15254268548e156c8150a9a531712602313ba65f74cec5784341c8d66b088750b

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 50a8221b93fbd2628ac460dd408a9fc1
SHA1 7e99fe16a9b14079b6f0316c37cc473e1f83a7e6
SHA256 46e488628e5348c9c4dfcdeed5a91747eae3b3aa49ae1b94d37173b6609efa0e
SHA512 27dda53e7edcc1a12c61234e850fe73bf3923f5c3c19826b67f2faf9e0a14ba6658001a9d6a56a7036409feb9238dd452406e88e318919127b4a06c64dba86f0

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 446dd1cf97eaba21cf14d03aebc79f27
SHA1 36e4cc7367e0c7b40f4a8ace272941ea46373799
SHA256 a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf
SHA512 a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7

C:\Users\Admin\AppData\Local\Temp\config.yml

MD5 98d55c31ac02b32ac3c147cad3a97ed0
SHA1 1d72218c5cdd5cfe65187d66833eeaa16fad9368
SHA256 b61bac80531f43058953c0747218203b4794908db361ed0a032d79f1168f6bdc
SHA512 36e48ab538dc41350ad4cb2a0127a1727db54b136e65f12526ac1648d884e462a28ebf7f7ca85eff37da5e7de9baddac9b28819395e65a7eb3dc83dbdd50f78e

memory/1200-724-0x0000018775AF0000-0x0000018775D0C000-memory.dmp