Malware Analysis Report

2024-12-01 03:06

Sample ID 241111-c52n5atqhn
Target re-yang-win.exe
SHA256 08a04b950c6031066e2e4ad246b25baef1c48c6227a75060e4ca6cbf440a629b
Tags
discovery collection spyware stealer
score
8/10

Analysis Overview

score
8/10

SHA256

08a04b950c6031066e2e4ad246b25baef1c48c6227a75060e4ca6cbf440a629b

Threat Level: Likely malicious

The file re-yang-win.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery collection spyware stealer

Contacts a large (718) amount of remote hosts

Reads user/profile data of web browsers

Checks computer location settings

Clipboard Data

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Unsigned PE

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-11 02:40

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-11 02:40

Reported

2024-11-11 02:43

Platform

win7-20240903-en

Max time kernel

118s

Max time network

129s

Command Line

"C:\Windows\explorer.exe"

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\SndVol.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\SndVol.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1828 wrote to memory of 1736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1828 wrote to memory of 1772 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1828 wrote to memory of 2944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1828 wrote to memory of 2936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe

"C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef51a9758,0x7fef51a9768,0x7fef51a9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1456 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1580 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1508 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3296 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3152 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3768 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2424 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2852 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3808 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:1

C:\Windows\system32\SndVol.exe

SndVol.exe -f 45483163 18539

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2460 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3752 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2484 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2316 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3968 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4032 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1892 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2460 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1852 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3696 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2444 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=1876 --field-trial-handle=1380,i,8268093418905490581,12426273987086199671,131072 /prefetch:1

Network


Files

C:\Users\Admin\Downloads\CopyCompare.cab

MD5 e1b1755e0e89fa9847bc4b1eac57d6c9
SHA1 c49bc803600ba17b864a28b6371d264393289706
SHA256 387a02401010c28e554216b2afb827704f27c95fb2c90dd7345d95cfa02ea86e
SHA512 1989c5428c86dd5eaae8afaf74eda55d3d568dc3b1143ef0249173d5f0068d902f4546707395a273fa4a6b28ffb7ae628e6e0415b9510be9ebf55dc26383211e

C:\Users\Admin\Downloads\InitializeUnprotect.3gp

MD5 1e06cc0f3b95e6de4ed4464f33df6ffc
SHA1 871cb4d271fa7c4f13c827d3caeb3400cf4994d5
SHA256 04c995013ae7c9c4e2b3457b5c82c54ace56791eb110a248fc8048c462086b43
SHA512 7a94fd760c5b7cce36b8ca7bfebcc30f13ad1d9e9224231565bfa98dd86e476e5cda2757e76e6c55747f34902f0d12bd42fb4d4e08c6c94cef2cbc83d839d13d

C:\Users\Admin\Downloads\InitializeDisable.edrwx

MD5 86919a69ab0efb57f07d13247ab1ba04
SHA1 46bd7907605bf97c35178764bc1642410ab18b59
SHA256 2630f8f8148c08b89fa7717af262cc87736f694d1025a7012f8807c128f38650
SHA512 15fb10aa2ef0da593f7c595a6569bd4266e85d78061787ef07ed0e0ad37fd66b233713d63c10c49e30c9065a41f981444a7581d360515d13f0ee851ee1722a17

C:\Users\Admin\Downloads\GroupEnable.tmp

MD5 a20b5a48a12895e6f8cd41e94b400d74
SHA1 ce48a66a6196d7f0271fb2bb5ade2d261d2b43f6
SHA256 10fb6d2c6fcc3d8425f1825b70bc15367fe1d5a5d12f66dde8bbfc29ca611ca3
SHA512 9081b03eac41fe3defd8ecfc87a8fda94bad6db3fa8c51bfe48f27b3cc369afc593865dc60d3429e8e8399b26f435559bbd592aca1881e1b92bd9b9d8eb36a2a

C:\Users\Admin\Downloads\GrantUpdate.wmv

MD5 a12c8d2554b9a2e516ecda5e2a1f8543
SHA1 eef63ff6d88eee22558c2175ac821879c7c22fe1
SHA256 5c3f61ce66ca901236d35112b329b8a64ffcd0691b0f25081f4a70787736b7f1
SHA512 621bae973162d422eeb7f710311ade5230215a9f2ab63dc5dd40e2d891e5e52387080eb084c1202c61d5da9bb8bb7b8fdc84ee4269718a1261c89b20f49c6148

C:\Users\Admin\Downloads\ExitBlock.docm

MD5 4d471b70e56e4dbf6b9a0ce9dea61a58
SHA1 9141eb20f08c397b464e6749ab8776728d2b31d5
SHA256 a42971db505eb67e5e309a1b77facfc56bbb55c0173285dd1b8851af945af96b
SHA512 be02e93771c8076e5dd70178c8761c1b266c79587fbd9f37645c13123c8d5dd1797c436d8886328c31bd95cade0e3ad0a25a657446e7c36c4df60081de13c202

C:\Users\Admin\Downloads\DisableDebug.vsdx

MD5 f01bb8f90e11a3b07dd6b4216cb91fd7
SHA1 f66740193c35e13ae07649506f372c18fe30e6ed
SHA256 cdf7d649e252d8a69b1d77a7435e4eeec4183ad413e3e168010adedc41d3df94
SHA512 6d2cf7f57ca35287050f2c691bce3d8c460a9d5afe2c5af7b7fcc2da7f911088d08ea1b9c200262a8186258e1f0da44210c6aa224940e1548e9f054f8c8cdac1

C:\Users\Admin\Downloads\LimitStep.eprtx

MD5 282a303eb9f3dd167b00e49dc0ea8ec8
SHA1 fb4bc8e14c5971c193f2211bc092cf0c5065f740
SHA256 85bae6f3817d18eb61ba9c46c81aa109181a112ab5eea063f9824045e8e4a37f
SHA512 f447bfb6422306f8a33e407f12ecfc93d3b3bf347122fdadf9c91cc1ebf73933bf84f419cb5931bbe50df1437821530f05086826b45b6ae3098714aa0bc94fac

C:\Users\Admin\Downloads\NewAdd.mp3

MD5 1681ee499818625f1781ddca9c9c64a3
SHA1 cc9ee3cbf61edfca3ec120b155904a1c121c7d7b
SHA256 c7152eb37045ca670ae606f89f50f5d4b38cb250674d0606ba7e750cfa61986e
SHA512 3b7747ef17b8b583ef7a4e729c19ebc65a4eb6258bd1f514918ae3821c4f1529b5ab50c7205e565f7a0f768a980d3ff2cd370877ff6a86ad6044080b647f4ace

C:\Users\Admin\Downloads\NewWait.aifc

MD5 7b1558faff039df2a26d2cdfa1211436
SHA1 40c122e22ccfa7f795a640d5033f4f5f4c673ac9
SHA256 a2c618edf99b955bad4f95d637e0c1f7f2b4b73c897795f46bb3edc15bc4c775
SHA512 cf657ac71210586b265391c441aa0fc8873e2deb54aff1d6b8a962c7dbfcc5341606d9d9c033d713cd5215ee0b95eed86d34e89c44159fbe7e1603522e6eb7ac

C:\Users\Admin\Downloads\OutSelect.lnk

MD5 68667bde97545b387f9a09ce7654e1b3
SHA1 5021c30c6e4f2790f7c3b57b2f385f031eb9b161
SHA256 17e9829daf364b87eff0c2f35184407e8d3665b0e6080f752ef15037bf35899e
SHA512 3a8038390f3c5bb8d3418b5e1195f0959cb683a00f8a43e35819ababb3e4b53d92dc542c0f8e3b495100e4df15733ead4cc236675e5c0c1b9fb9b2285f115cbc

C:\Users\Admin\Downloads\PopEdit.dotm

MD5 fd5d417c4b2bcfbdabfb080c1124bb8a
SHA1 ea5ca5930fdf660ec87d06156e4e1a793bee2f45
SHA256 ca6feb1fb4bd37740fe2dcb7710bf61984e8257c1fff8ded16560271704a753b
SHA512 cf158bbd32ad2d72e895631d627a45d3fc8b2fa7a56c69f84eee809b9c13097bd0060c0f523d8317acb7e565ff6b4c4817898af636f81a9336ab8bba0c8ec985

C:\Users\Admin\Downloads\PopEnter.wmv

MD5 8b45140aa8177c45372a3bc405fc0440
SHA1 38158d35e6d9fd83058c99d42f0a52a184666080
SHA256 5316f2fc5f6e3e9daf102e133d3d41683613150d3d8e517a609f4a28cc9e9b20
SHA512 5f70deee90ffffef6db3b2079f84f3ef506d001203d7a2d95e255aee98edf5a9eb51d02ceedc97272d768913bb4854dd4d88385d134dcb080b6285001c0cbf0b

C:\Users\Admin\Downloads\ProtectPublish.bmp

MD5 5e083191f5c73e0caefb695630664509
SHA1 992fce84a77af18ecdeb7ec5e7ae4aad76ee8550
SHA256 f8b251cfb250048a393de2a3d4dfceddb1269032f7c3010b7ab1ee8a3fbec85f
SHA512 13112cc29d19d0cbeb35efcb40ab91adfd19dc48f7feeada6935d99dcda9efa4046c398d428093f054c160b75ccbdde79027ab0bab8bc5cc3a17f556eb8ac764

C:\Users\Admin\Downloads\ProtectSubmit.xsl

MD5 48abf0c3d8439f2ba78a50d4b30b76e9
SHA1 f00d5f79b02152dbe2fd69ccfdbbc97bb13bacdb
SHA256 fa13bacf0b5270675ca9769b068000b54b5fd8e20a49168374542b538174d284
SHA512 94d88719e78199afee4cc8f01d8eac8f9d522e3311f8ee27dadda183b752637fa79a9ebd86e162fcf0190bbac54bd56bd8487b5a4141b63eb140ad8fe4a16f59

C:\Users\Admin\Downloads\RegisterPing.xltm

MD5 5fb6d7e0387910c43fc0f1d4ffabfdf9
SHA1 7ec84b102e81a4978fb511e671aa54030e0fb097
SHA256 81a7109d5a8b5d7e2abab50cc1b9cc2c57f3a34bb9246ec5f0e07f46f0222317
SHA512 5d4b7a184736f5d1e8d197e956a51157b75187b1052c9d0516a51ec23a6b411b1000469ca7cab43cd54e00df50bb074bd0767c813d3ed097989ed4a7b2f162df

C:\Users\Admin\Downloads\RenameEdit.pdf

MD5 8976ce36765190805f37f3e0e8fb68ca
SHA1 84d8372aecd1707fcd504e48006d63544e9e64b4
SHA256 ed4f4eee3197aa3d6470ee2484f1c6f9e9881fc9726a0b3997dd13bc44ab931e
SHA512 bb9395d8773ed1b40142490d0c15efa9ac5ec6d1537ffd12dc8445df0a347218846ae79d247f80995bcec5bea05e7137bdef62616c99005d7f3fb8878b333c65

C:\Users\Admin\Downloads\SaveSelect.iso

MD5 d5e07269719c8b08919dd9835edcc5d2
SHA1 e55d7afe6ac663164bdc66b6c25373a8310810f2
SHA256 adfb9485ecf9726a10771552fd6a76b2d74aac792e7d601819d1eac98c38aae6
SHA512 7e7246eb7a19545fc69df9ae90fab9e1ac97a0249f4a372022905ab8ca22df767647aeff89a1fc42e3d73ed0bae3bf7ac17505e006d923aeb432777933d92ca0

C:\Users\Admin\Downloads\StartMove.mp4v

MD5 f7e4d4d016007136861890eab1c9bd37
SHA1 d128325f2aeb4e751a7692498f56ee7af82425fc
SHA256 836e2d4e720fbcda971265b4892b421b8b2566c868761c37cb21f8d00f8c6840
SHA512 9b041c63faf95082fcb744c89dac0696dae6c8619b69470fa8bc409f9bb7f8f791ade712d0b9d4e9b456f8b7fee53e4e4296e255c62babd334d57cd919ccbf9f

C:\Users\Admin\Downloads\StepUpdate.m1v

MD5 1a3fc9675d208195237acc4d5668dcd8
SHA1 4a0b91af1a1b766aa8eec4fa14a99838f2037019
SHA256 06077a7c20fd157dfe4685994a375c8b3034f560dfd7993266bb30f12719292e
SHA512 b09530c10075cd5a5c140d42652d58ed988f11613ab0ad2badb9e5ea67ddbd7806e41feca74f656c25d23f873ab12f40d008b0560bf1a3050068e661154ff487

C:\Users\Admin\Downloads\UnblockReset.emf

MD5 c19d6b70e2a89773cefced316abc3107
SHA1 e0564db6492d2000c7948c79f45dfca446fc1e3a
SHA256 5102648bfc76f3f7d5874e6a52b18d88f48fa81139824949f8442bf68d0f91eb
SHA512 990fb6616a97e62e25e1aec59d15327f2699a98c9a7427691abd6ab654ca1dbbfa84e8c9ad158f6143cacf1203cc8d50889d78c1bc5b13fc01120c75fc616596

C:\Users\Admin\Downloads\UninstallResume.wmf

MD5 44f9d2372382a271c249d7f117721a8c
SHA1 0a236acc5b2fb19cff06ff8bd46a786d3fbf8584
SHA256 a18cb83fc034af5a0a0d79b34f4ec4645b10b3a1bd78a7e062a13be5538e2b5c
SHA512 a16e22f818436e1808092a75157de1eac56e95a8cd4046e959032e2612d4b495e816189ef8059dd3756322ff293975dd2b0435ff76179a973ff884988d418f8f

C:\Users\Admin\Downloads\UnlockPing.jpeg

MD5 e394a16deb3ea7a73a0439f67a1c664a
SHA1 e6d329c8fbc94e3b72d8ed7afe11197536b4a66f
SHA256 60c79184c6d79eff0208dc751867e20870aa5918cc988b931d203d6bff82a824
SHA512 abbba45210cc0fb07a75bce01a7a52a95f08cba00e5e518b3d02f525ce046745304466bf03530df5066567bc6e9cae1c3bfd0f104465722bbb97b1eb6ee69a0d

C:\Users\Admin\Downloads\WriteConfirm.wmv

MD5 22e547d2bf9791bef15969e8f54385d3
SHA1 fd33f5e36c908458f58ccca1d64e949338bcc81f
SHA256 bd48c160642a980d1414cc144f0628a784ddf6305994b6b3f9f168d67305628c
SHA512 1f983f6399349da17067b7f28aaaaa91bb064afd8b5ccd82ad778c2e8892ba07ddfdd689a2816a040973ca99099e6a74b14de5332345574dbf92349ec613c9de

C:\Users\Admin\Downloads\AssertReset.bin

MD5 8bccdf2f1f3a9a2f23aba3642289d5ac
SHA1 725cd8d70437d5ad1ea4d88a2c6dded1d8710f0c
SHA256 6ed0e22e58700e702b5433b89e45b0ceaf9e412ce7354ecdf051bb73d70a0322
SHA512 1f0db0b115c11a8fb5ec7e7a02967f8e73ce3aa6c63e2ade4c0ef3772b338e05269b4c59cc001ea02d384cca81a520ad4372d948a1ebf62ea2234b5d16eb3ec2

C:\Users\Admin\Downloads\AssertImport.7z

MD5 1791ec1f9bc361c83ba6783ebd169f03
SHA1 96e02a5e8a1a95f00998f83d0a70d8ffce341658
SHA256 7bd628b4cc89c8d687b36dcc799399e27b50d414b797d018e606bbd4b477f2dd
SHA512 657bc352203003dffd415debc2aba2ba8a085ae16592de1179efaa1bb36815f0670280c7f0366ffc2d9cb16fea33d93c0dbce8d17800c775412095e8f1ce4a35

C:\Users\Admin\Downloads\UnpublishAdd.mpa

MD5 c72a1be038f714593e17770f851c6769
SHA1 c769815d392df9dd8623056530897ed337ff777c
SHA256 4a29963576a1904cafb6dcda794f5f3b24b0b2869ab4ecbffc241e814c4813db
SHA512 5a89c38027d2f984bc383eea0ca36f18c8729aaa6d908ecbf731f1ea41b89af55f97e5321057bd4270d7d8fa88291ae5ce86c437fef0489ab2a27005514ca808

C:\Users\Admin\Downloads\CheckpointWrite.jfif

MD5 cce17cf6fbba7a51d88ff60e089a1215
SHA1 a48895b8c198465523b742f9245e577c1ed4b973
SHA256 072253b0f875be9638ec36ed39afa918604091b8db7e0a5824752b77dfb5c77d
SHA512 7f0d840e29855e3a54909a47ac70c22f79f62a233330cb4aae9b554771184e5879d6944a5924a676daba919b2821bfd966b7ddd5b66cc2ee1d9ab448a5e22eec

C:\Users\Admin\Downloads\ConvertPublish.bmp

MD5 80ef6fdcdee839815588c99a5b8c6e39
SHA1 1f7783caba1c1c1264137f1aad47bda7f847f5e9
SHA256 a733b2524ce137ee68c21cb5edf56710e2fbc116fa17e0a92f68ef9f29276b39
SHA512 6b0d237a786889898f3c5f16dcf4fdc5e3c4ececb99da70c8a3a286218a97d8a42cb47bce9266fa17f2773453a71b0eb56b9733aae09410669eb7dca390037c0

C:\Users\Admin\Downloads\ConvertFromLimit.mp3

MD5 bafa5ee7dd81069ec7934c80d365c854
SHA1 18591da62098a935130593cb15282d70857e3199
SHA256 484af51f65e35ba636a92a8dc948e06dba7cc43899a630dd61ab5c0b59f68e3a
SHA512 17bc8a36308452eb16c8756162fd734313f83ce20fe13f0d7981e4dd4e483d2e194dc52b767ee9d28ebf9b8db17054e9ce34384012fc3118607337d2bbab5779

C:\Users\Admin\Downloads\ConnectRequest.odp

MD5 52769a4c205f9a1a68f06e2084888c9c
SHA1 67bcd3d42e9efcdc3f709832fee1b7a8e27435ef
SHA256 f490392d879661255e6883711d8735e7acf9a93cb338f96f35f98c64ae7ad6c2
SHA512 a606d94737fe5aebd82069a116d53250aee30e49f4465de6f7eaf96c46372b70193d5504b7b650b2eee31f0caf42de6895c2278cb8296d77658834cbad5c9c6c

\??\pipe\crashpad_1828_LXZYORIWHMMTQEZK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Temp\Cab6367.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar6389.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

memory/2032-207-0x00000000005B0000-0x00000000005B1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a7ccc37de3a6b8bc55088b47d274a916
SHA1 3f711b60bb8f36578990273886ab5833b8ba5a4d
SHA256 a964260c6ccbadb7353dcdf0fb2231119196fdfb280a43bd50e3acb13aa883c5
SHA512 384b85e46395c4ab2a35bdabc6aa2519b2b3f5e01c3ba50055bdb5910cc33260280d6ccf5f54bf86e0fcf2fffac343c050453bdd1031affefe5b0f6f34e592d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8564cc484315357ba7cf4ac6d799ef03
SHA1 07221f084e4d46bbb9fc27571a7f3d22848ba57d
SHA256 174c5e4d7ef43f05d986e229de448821c7b7aed7dc81298e28c46ca58c9f69e5
SHA512 4f2a9cffed6b65f4b3f7be2e31f6d6b6a44fc650e9d7c9fac3331c35b1f2a3901c1b71c790aea1d93e8d72eb551345c04c3eb28d2fe8702b407621e9e4d7430b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1623bc5767a3de0cd1179166c1aec91a
SHA1 bc614ff9f7c07596afb5e3a0032f9d35b797d67d
SHA256 c7f11e28a85c7338dd49fbc0d551213106a66b0050befbc77dd45c9b8409152d
SHA512 96ea164285f56c27307cdd0133d7737222e2df2a14426448479ede982de404d28aaddab57cec056b26ffc60573cb74e5501bcf6e68909f9bee18d0309f7cff9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c8b941eaa3996c086d20c35efef42751
SHA1 b191deaaf2af088d297c94604ef2dbcc334a8353
SHA256 f4750064c37d15a27d0b764fbcf928ff93b9b48145307af4ffff87034bbadac5
SHA512 4b7280096eb2bb177e0fe160cde6b0afd509fa09dd913ef880fa40d8ccd598de8ab0a7e60dc007734615ae651e459890020dc7bc09b7973fe33efde020455847

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 708fba346daa178c68bcc7b4176b5906
SHA1 42a3c9e98103b280bfda5433ab63d9460e4c431f
SHA256 2ac66c2dbdfc90caccb40feafe140bf38bc5857eb25725f5ca7bfcf00104f255
SHA512 41b480f089f0ae9eff107721f4ed569223d8e6f538836e81060f8bfae5e94e5a4f0e39876cb46486632d24b519a52ef5730cc375afdfe5aafd81a9f2f58a8f71

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf77ccd1.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 79d3969f224739be4e950ce8363051bb
SHA1 43bcd9685208db962592c2b870b5f6f312673fee
SHA256 39da6d3a158bab001104f7e93b087ca9f66b00dec3e0e673c8208758a8f03cd9
SHA512 f951a69941e45ad842e2f0a0d009e5b7f97453ee0e8083c7f66d6de6580496ec18b0929addfcfbb6d815418396e15644432545443e832078a34b7e9269b9973b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 795bdde37fa5577de0ba6cc7ee378e29
SHA1 377a82ca7a882b2b02ac59584ee93f894b2c75d0
SHA256 0fee880e87b499fde8b5e2277338ec068713f13c8656f9c628a92e59de126bd8
SHA512 495c9724325c70124dcc5b8995186d79068d524c5dfffcdfd31158ce25434fdc45ebf5ff43dcac61d36e5ec8a48b483e1a33d1afd601ac8204bd2e47a3c130f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d8eacb337ae909916d670170b3709b97
SHA1 0769848734ddef4404b1dd274dac29195dbd6306
SHA256 87d73613a307eba5f3f30a3db680ea327ea8635fa1b06e418d161ee468f0bb08
SHA512 2497e483a0f412d94665c8809c798edc507d9e4b7f6425ad1b164edfdb847be5011e51467273ce845f189ecb4507ee9f4876dfcbfbb910b0caf8c42fe9d3998a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1d816cc7a65b6c1e629fea1d670b362d
SHA1 d15ebd770609060d16200dcc2df14dcd2b93e439
SHA256 d7b9b47e351ba58b75cd5bf97ff7fa75483a0094ef30e105b13d25b078fbbf5d
SHA512 1403627ace58a38dc9f4cc9ba8c5633a42744984a63f939c2fe0871f758574341ee4c05ab70ec0c2b10ec629a0592e19caddbb2faf3745d079cece45fb28eda3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 353d6a11ac50f5c9a01d23164d992b4a
SHA1 dd81c94e7f7a66ff31710b5f5ce37013706e81c2
SHA256 f307a3ec00c6f7722c1bb15f1ebc78679fefaa7aec6952e4f828b3975ede8c40
SHA512 296b291e64a2bd506ca50f5203959eff31f1186084ba1a5533951150b88b0b4090ecd3776400ce1889351adc932ac2d2fd4614da2d9cd50cfafb3df942241c98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 6e16a0e00a70defc9c40ae9ece97c9e5
SHA1 9772b4012ee94ed05356c98ba7e27e71283211d7
SHA256 82c83658c88de47b8e7da9904ca19299fc174763fcee974dd3c087b80b9bd532
SHA512 5e3984a7985a21d5644f5b579f32f408b28bfcb4de59764f403e4e10e08085e7b3f099748fa6e22180b6097edb4d8c20b676de182999155b13fdec4fae93367d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 c38ba740afd4d9ab26e57eaf753494e8
SHA1 cd5335de2af058232688f57ebce8d5b1e0440f4d
SHA256 cc5f63853e59e46e0c06de52459c1289b17bb935480674d85a713cb2d06dab28
SHA512 16c6bd8fe90c087b814820c8f34478ae0becdfee1defc545a5f89b70367fe0ecf1d44a42b0cf4efcdf8261d3ddd2bf7441340ce5462017b4074351b49aba7a3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 1bc16342586543c6af7c4a0a1e79854e
SHA1 587fccbbd81611d3b0628f54820edbf9941f2be8
SHA256 94781f24054f1bbf35a3a581676d8a7cdf0a4cacc1b8d2f2b0fdb37501921efe
SHA512 3ae3f2fc2a4054ff5b20724214850b8e336704a2ec4e05f62ca0817b3379906a9d17da574b609714244ea0d4ad6176d3ff3d7c0b9003e549e52070d38fffb8a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b2a1d7b6d34b0c67da7f121d0d79f7ce
SHA1 5e9ea19cfd1aa908c79d34b83b5904b19149366a
SHA256 81d8001d4dfcc93507063eafcdd7bf233141755126f076ff5629abcb4fbd40b8
SHA512 e874407d0b19b804983d24cb6502fbf35b90519f5c680e8616cda9596cc476cdb525ae66f1fa1803ed470d6def57065cd86dba1003161682344c04b1695aeb5d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7238137d53b8275025cdfe0b16eefb92
SHA1 d215b00d29daedd1257b9dd23432e844f1f02185
SHA256 279153f4638f3efd93f190f88c4e8e686b15846c29c46605b068c9c197478620
SHA512 16107e2ddf0813d8a97bec1793bebe9112e4da32f4df2edcff0eb255163bfcd3c8aaa1c162886a2cb2389bd7bc04a7fa5714e615bb8090ddb9b0a96fd9679c5d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29d5d66c00c096eb64ad9c6cedc7e91e
SHA1 9ae7fd054366f5e6cad80e0fc1a6962cfc5d1c61
SHA256 a1b37766c4d7cb70fcb18afb3208d5ae7fc5b13cf105dbb0bd45e584ca6564ff
SHA512 e6b8f0046fa5071169e2a6b9fd960639f9ad9c66861a7c65f6c498cf1ce3ea916c97cb25854082de30b1e7e53ce6fa219b6cba548ecb9263a871ee1d2632fc52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 449d35c9deb7dc1322ad9586fddbcfd3
SHA1 76fb77be9d5e167f1781ec462d00e404db7b69dd
SHA256 26589bd2b996d06e70c6862ac0bbaf2f9895d13b810b8c57eac89b694f99e084
SHA512 f2f1cd703ae5c4c948dfd11441ce00d25244bbda2d4a229873d1d738f97bf99314a27443ed6e6cd38339181282170aee1c8b3440fd849fd0af852b42889432c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b33ec388aeb9bee5f1c6e2142e285b8
SHA1 96e5a87ecad66cb3bd4e563fe6328e32dabc6ea6
SHA256 e7f8156232b675da1bb819a12378b80c9218e20664a5c1bda2bea78edaca025d
SHA512 162f1815992f0ddd1cc60c407a6324d4359f06a34ad0c005e963ea578dc19daf1d53b88af4870fd8318be52fc331468e11cafdb1e8818941969f5c6dd7ccc418

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c15542c6cf7d2a8fe79f585824211bd6
SHA1 4ee9f83718128cca58cdccb731cb3cec9106888e
SHA256 ed88e34083dfdd7c73b9315532bf5c72609346176d69581af9c54ff56194a3ee
SHA512 1c4fa71290d06edc40c03b1298eae65a40f3d652a8cadbfd3d4a08d6d55fef71724a99e61f07114c094f307fa9672f07bea5f2bf862f39b18fa668b5797c2627

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2fdb2f16aa00e60728535893b2eb4c15
SHA1 19a8c36162a3126b980664e7cf621a54021f85d9
SHA256 c8f9a81d79d125bdf0d833a124f1e2328adc722117a096d131e395e3d9961b14
SHA512 89518931a564394fffcc99ee301a8c8a70ec1428ce8001ae7f8e2b13a21b332f9519ad6b790d77e4064961bfbe7cb3e351d098de79c351246402485a0edc909c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8b894bd5a5b14ad2c7cbaa330ca12408
SHA1 dcf42b61f485cb2422959b0a29f8afe643dc3c82
SHA256 df9253a38e692fa5f560fff1812b9663924a038e21a4001cf48eb322d77c529b
SHA512 2bb3f77f93aa2eede3cb38dc594d94fc9e0d31103b67783cafdd8ae815caed0a0883ed922415c39cb307abf2e83e7412792093a648464c4324db216d01c2456b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 51d44a03f09375db26d46455c9a0b915
SHA1 a2dc6fc1a8a86dd3367b99e62bd5a0eb804634f4
SHA256 17859a949a5e62afd4963ee30e6b7e58689d41a7f22be00e41c78ec779725f36
SHA512 b202a3b2631bea3851586f68583d737ada025ba6b45dbea4a4f4c831c8c7e99c345de144fedcc80e1cb917132f8364f9bd2a12fa0b2b4a85c0beddf24f91603f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 89571d3d25f22345f11ca2b88af90d8c
SHA1 6499bd5e82f7525272de548d3c553e3af23ae232
SHA256 14fe8a3a57f9a223fb6c843a35a00337a1db6cb0c1ffa7b5d37dfc24998da355
SHA512 0530be9ad698e6502304b55a206d840a1ecbca1ce1c599c863c35547c761a13834147d46b048ee77a4a4e97e8cd1c84e33c62efca67f7612e7111a1306eb2d22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f02db254-0d35-4c40-81bb-9855aad9b80f.tmp

MD5 be4036b756d4571c4ddee720fa3f48ae
SHA1 a7f65f8d1f5b5667c5a287589f77ba4ec4688218
SHA256 8216006ba73f6ad36332dba0317bc961e85818cbd8b0d08b2babe0e3a6a7c60c
SHA512 37be37be3c15a4fd6bc9493fc60b7316cd70af6e6b0973e89b7132a94c451f68ba232cc76356f4cb4e1744e4b61845bf15975a6dcbc9435da32cad243c9dc4fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-11 02:40

Reported

2024-11-11 02:43

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe"

Signatures

Contacts a large (718) amount of remote hosts

discovery

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe N/A

Clipboard Data

collection
Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe N/A

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3920 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 4212 wrote to memory of 4200 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3920 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2596 wrote to memory of 2560 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3920 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2188 wrote to memory of 2768 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3920 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 4412 wrote to memory of 4684 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3920 wrote to memory of 64 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 64 wrote to memory of 3300 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3920 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 1892 wrote to memory of 2784 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3920 wrote to memory of 3196 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 3196 wrote to memory of 4848 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3920 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 3392 wrote to memory of 1404 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3920 wrote to memory of 4744 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 4744 wrote to memory of 3132 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3920 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2388 wrote to memory of 1180 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3920 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2192 wrote to memory of 716 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3920 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 1920 wrote to memory of 1472 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3920 wrote to memory of 4048 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 4048 wrote to memory of 4684 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3920 wrote to memory of 232 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 232 wrote to memory of 4652 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3920 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 2332 wrote to memory of 1408 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3920 wrote to memory of 728 N/A C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe C:\Windows\system32\cmd.exe
PID 728 wrote to memory of 4080 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Processes

C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe

"C:\Users\Admin\AppData\Local\Temp\re-yang-win.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

Network

Country Destination Domain Proto
AM 217.113.30.218:8080 tcp
BG 92.247.12.139:9510 tcp
NL 145.40.97.148:10006 tcp
US 8.8.8.8:53 134.38.244.188.in-addr.arpa udp
US 12.186.205.122:80 tcp
CN 223.85.12.114:2222 tcp
US 23.82.137.157:80 tcp
SG 8.219.5.240:20201 tcp
IN 103.62.237.102:8080 tcp
US 154.38.161.76:58381 tcp
BA 91.148.127.56:8080 tcp
US 165.22.32.217:51871 tcp
US 8.8.8.8:53 148.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 240.5.219.8.in-addr.arpa udp
ES 84.236.185.247:61710 tcp
EC 45.4.203.115:999 tcp
US 174.77.111.197:4145 discordapp.com tcp
AR 128.201.82.87:999 tcp
US 47.252.20.42:443 discordapp.com tcp
ID 103.165.238.114:4145 tcp
GB 8.208.90.194:81 tcp
US 198.12.250.231:5091 tcp
VE 191.97.19.66:999 tcp
US 8.8.8.8:53 42.20.252.47.in-addr.arpa udp
US 8.8.8.8:53 231.250.12.198.in-addr.arpa udp
DO 38.56.70.75:999 tcp
JP 8.221.138.111:8443 discordapp.com tcp
US 147.28.155.20:10067 discordapp.com tcp
GB 86.38.236.42:6326 discordapp.com tcp
ID 103.76.13.234:8080 tcp
EG 217.52.247.87:1981 tcp
VE 200.82.188.28:999 tcp
US 82.180.132.69:80 tcp
VN 116.97.9.74:5101 tcp
US 13.56.192.187:80 discordapp.com tcp
BD 103.138.123.65:8090 tcp
UA 193.106.138.52:3128 tcp
US 8.8.8.8:53 42.236.38.86.in-addr.arpa udp
US 8.8.8.8:53 194.90.208.8.in-addr.arpa udp
US 8.8.8.8:53 20.155.28.147.in-addr.arpa udp
US 8.8.8.8:53 111.138.221.8.in-addr.arpa udp
US 8.8.8.8:53 187.192.56.13.in-addr.arpa udp
BR 201.149.102.241:8085 tcp
IN 13.126.79.133:80 tcp
CN 123.60.109.71:30001 tcp
AT 212.236.38.166:8081 tcp
KR 221.156.247.86:53232 tcp
US 8.8.8.8:53 133.79.126.13.in-addr.arpa udp
CN 106.45.221.168:3256 tcp
JP 8.221.138.111:8443 api.ipify.org tcp
VN 116.118.48.208:35050 tcp
SG 119.13.111.169:502 tcp
US 198.12.253.239:20612 tcp
US 8.8.8.8:53 169.111.13.119.in-addr.arpa udp
SG 34.87.84.105:80 tcp
US 50.173.140.151:80 tcp
CL 201.238.248.134:443 tcp
ID 103.172.71.123:8080 tcp
US 47.253.105.175:2080 tcp
IN 103.60.138.2:4153 tcp
US 8.8.8.8:53 175.105.253.47.in-addr.arpa udp
US 8.8.8.8:53 134.248.238.201.in-addr.arpa udp
US 65.49.67.161:48324 tcp
CI 213.136.101.40:3128 tcp
CN 117.160.250.132:8899 tcp
VN 103.176.108.105:1414 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 31.204.28.20:20937 tcp
VN 171.225.224.132:54400 discordapp.com tcp
CN 175.153.130.158:3256 tcp
JP 161.202.226.194:8123 tcp
IN 103.204.54.50:1080 tcp
IQ 188.72.43.162:47193 tcp
US 8.8.8.8:53 50.54.204.103.in-addr.arpa udp
CO 190.242.126.170:999 tcp
ID 103.156.141.100:8010 tcp
PL 185.32.4.65:4153 tcp
US 198.12.250.231:5091 tcp
RU 109.197.153.121:8888 tcp
US 103.54.57.117:50460 tcp
AR 190.111.209.207:3128 tcp
GB 18.135.211.182:3128 tcp
US 154.53.49.83:11289 tcp
UA 193.200.151.158:8192 tcp
UA 193.34.93.221:33861 tcp
CN 113.87.225.78:7891 tcp
BR 187.86.153.254:30660 tcp
KR 101.101.217.36:80 tcp
TH 118.172.47.97:51327 tcp
CA 74.56.228.180:4145 tcp
CA 158.51.210.75:7777 discordapp.com tcp
US 8.8.8.8:53 182.211.135.18.in-addr.arpa udp
FR 51.15.242.202:8888 tcp
FR 188.165.45.156:9996 tcp
GB 154.202.101.15:3128 tcp
US 8.8.8.8:53 75.210.51.158.in-addr.arpa udp
CN 116.114.20.148:3128 tcp
ID 101.255.150.94:80 tcp
CL 200.39.138.45:999 tcp
US 129.213.153.223:80 tcp
FR 135.125.9.103:13895 tcp
SG 184.168.121.153:30305 tcp
CN 183.215.23.242:9091 tcp
MX 201.174.73.70:11337 tcp
ZA 165.165.170.102:8080 tcp
HK 47.243.175.55:8080 tcp
US 72.167.8.5:44774 tcp
BR 20.33.5.27:8888 tcp
GB 154.201.33.5:3128 tcp
US 154.202.126.93:3128 tcp
MM 103.200.135.226:4145 tcp
US 8.8.8.8:53 55.175.243.47.in-addr.arpa udp
US 47.253.105.175:7302 tcp
DE 5.9.151.189:30000 tcp
BD 220.247.162.70:8080 tcp
CO 190.1.201.58:8080 tcp
US 8.8.8.8:53 226.135.200.103.in-addr.arpa udp
ID 103.124.137.251:1080 tcp
TH 14.207.58.42:8080 tcp
PT 2.83.198.171:80 tcp
DE 173.212.237.43:43648 tcp
MZ 41.76.149.62:8080 tcp
JP 160.16.56.40:80 tcp
LY 165.16.22.130:9999 tcp
RU 188.191.164.55:4890 tcp
BG 77.238.79.111:8080 tcp
BD 103.234.26.113:8080 tcp
SE 185.139.155.155:11813 tcp
US 31.204.28.20:20937 tcp
AU 119.17.42.150:8080 tcp
US 162.214.170.144:3434 tcp
RU 31.211.82.158:3128 tcp
PL 212.127.78.79:39811 tcp
DO 38.156.235.113:999 tcp
CO 190.7.138.78:8080 discordapp.com tcp
CH 195.15.215.146:80 tcp
US 172.67.181.165:80 tcp
US 67.213.210.175:34051 tcp
PL 80.52.223.98:5678 tcp
GB 154.201.34.11:3128 tcp
US 74.119.144.60:4145 tcp
US 8.8.8.8:53 165.181.67.172.in-addr.arpa udp
US 8.8.8.8:53 78.138.7.190.in-addr.arpa udp
US 74.48.78.52:80 tcp
DE 94.130.54.171:7449 tcp
CA 167.114.96.27:9300 tcp
US 8.8.8.8:53 155.155.139.185.in-addr.arpa udp
US 8.8.8.8:53 60.144.119.74.in-addr.arpa udp
US 45.196.151.73:5432 tcp
ID 103.155.196.36:5445 tcp
VN 113.161.131.43:80 tcp
RS 46.40.6.201:7777 tcp
PE 190.119.76.68:8080 tcp
BD 121.200.62.246:4153 tcp
US 8.8.8.8:53 132.224.225.171.in-addr.arpa udp
US 8.8.8.8:53 73.151.196.45.in-addr.arpa udp
BD 202.40.182.82:60606 tcp
US 204.48.31.211:80 tcp
BO 181.115.207.118:1080 tcp
DE 8.209.64.208:6666 tcp
US 8.8.8.8:53 211.31.48.204.in-addr.arpa udp
US 8.8.8.8:53 208.64.209.8.in-addr.arpa udp
US 193.227.129.194:22902 tcp
RU 85.235.184.186:3129 tcp
US 72.195.34.58:4145 tcp
ID 103.189.250.65:8080 tcp
US 8.8.8.8:53 58.34.195.72.in-addr.arpa udp
IN 203.115.98.30:5678 tcp
PE 45.189.118.196:999 tcp
SE 193.15.14.198:80 tcp
LT 213.252.245.221:6116 tcp
CN 117.40.176.42:9091 tcp
BD 202.40.178.34:2930 tcp
NL 104.40.148.100:8080 tcp
US 8.8.8.8:53 198.14.15.193.in-addr.arpa udp
TR 88.248.145.176:1453 tcp
FR 51.178.86.221:3128 tcp
US 50.171.32.229:80 tcp
CL 190.13.147.93:5678 tcp
CA 67.43.227.230:4961 tcp
BZ 45.131.7.54:80 tcp
ID 8.215.15.163:8008 tcp
KR 121.148.186.182:51214 tcp
US 47.88.59.79:82 discordapp.com tcp
RU 46.188.2.42:5678 tcp
RU 93.157.248.108:88 tcp
ID 202.180.20.114:1080 tcp
GB 45.12.31.192:80 tcp
TH 110.238.116.82:50001 tcp
IT 185.72.40.30:8080 tcp
KH 119.82.251.250:31678 tcp
BR 168.232.220.1:4153 tcp
US 50.236.148.246:31699 tcp
GB 176.253.53.25:80 tcp
CA 67.43.236.20:11091 tcp
US 8.8.8.8:53 54.7.131.45.in-addr.arpa udp
US 8.8.8.8:53 79.59.88.47.in-addr.arpa udp
US 8.8.8.8:53 163.15.215.8.in-addr.arpa udp
US 8.8.8.8:53 192.31.12.45.in-addr.arpa udp
BD 103.123.168.165:83 tcp
BR 187.32.20.249:5678 tcp
FR 147.135.128.218:80 tcp
EG 41.33.203.227:1976 tcp
GB 178.128.162.94:80 tcp
IT 94.198.211.217:5678 tcp
US 8.8.8.8:53 94.162.128.178.in-addr.arpa udp
ID 202.51.114.210:3128 tcp
NL 178.159.39.153:8118 tcp
CN 117.160.250.130:8899 tcp
IN 47.247.78.133:80 tcp
CN 47.116.126.57:3128 tcp
US 154.202.125.156:3128 tcp
CA 67.43.236.22:32249 discordapp.com tcp
BD 119.18.149.9:5020 tcp
BR 186.201.63.83:3128 tcp
TH 159.192.143.241:4153 tcp
US 8.8.8.8:53 22.236.43.67.in-addr.arpa udp
KH 36.37.244.41:5678 tcp
US 156.228.100.47:3128 tcp
PH 222.127.50.56:8082 tcp
US 54.172.119.74:80 tcp
US 8.8.8.8:53 47.100.228.156.in-addr.arpa udp
IN 103.242.119.88:80 tcp
GB 154.201.34.124:3128 tcp
US 184.178.172.14:4145 tcp
US 132.148.16.169:11835 tcp
CA 72.10.164.178:2007 tcp
IR 46.209.73.165:8080 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
BD 180.211.179.82:5678 tcp
UA 193.105.62.11:58973 tcp
CO 181.129.74.58:30431 tcp
US 8.8.8.8:53 14.172.178.184.in-addr.arpa udp
ID 103.15.242.212:47424 tcp
BD 115.127.30.28:8674 tcp
US 47.252.20.42:1081 tcp
BR 177.25.40.146:4343 tcp
VN 103.176.108.105:1414 tcp
EG 41.65.236.53:1976 tcp
DE 3.71.239.218:80 discordapp.com tcp
TH 49.49.184.179:8080 tcp
CO 186.30.116.46:999 tcp
BR 181.233.95.18:5678 tcp
VN 113.160.234.147:57921 tcp
US 8.8.8.8:53 218.239.71.3.in-addr.arpa udp
SG 68.178.168.41:80 tcp
SG 148.72.212.198:43614 tcp
CN 117.160.250.133:8899 tcp
US 64.225.4.63:9993 tcp
CO 38.56.23.33:999 tcp
FR 217.182.210.152:80 discordapp.com tcp
RU 79.99.110.254:18080 tcp
ID 103.175.238.106:8082 tcp
TR 38.156.73.61:8080 tcp
EG 41.65.146.171:1981 discordapp.com tcp
US 8.8.8.8:53 171.146.65.41.in-addr.arpa udp
ID 103.10.97.154:4153 tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
US 23.82.137.158:80 tcp
N/A 127.0.0.7:80 tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
SG 20.24.43.214:80 tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
CZ 89.187.157.180:8080 tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
EC 45.224.22.177:999 tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
KH 103.73.164.190:32650 tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
MX 170.78.211.33:1080 tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
US 66.248.237.227:56740 tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
CN 223.241.77.93:8089 tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
DE 43.157.8.79:8888 tcp
GB 157.245.41.92:80 discordapp.com tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
US 8.8.8.8:53 152.210.182.217.in-addr.arpa udp
GB 178.128.172.154:3128 tcp
PY 201.217.51.9:4145 tcp
CA 142.44.247.105:61967 tcp
US 104.143.226.74:5677 tcp
US 191.101.1.116:80 tcp
US 162.243.237.104:12763 tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
HK 49.0.252.39:6666 tcp
US 8.8.8.8:53 74.226.143.104.in-addr.arpa udp
CA 67.43.228.253:11323 discordapp.com tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
CA 67.43.228.252:27201 tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
ID 36.92.28.34:8080 tcp
US 141.193.213.3:80 discordapp.com tcp
EG 41.65.146.171:1981 7.7.7.71 tcp
US 141.193.213.3:80 discordapp.com tcp
US 141.193.213.3:80 discordapp.com tcp
US 8.8.8.8:53 253.228.43.67.in-addr.arpa udp
US 8.8.8.8:53 39.252.0.49.in-addr.arpa udp
US 8.8.8.8:53 3.213.193.141.in-addr.arpa udp
EG 41.65.146.171:1981 7.7.7.71 tcp
US 141.193.213.3:80 discordapp.com tcp
US 141.193.213.3:80 discordapp.com tcp
VN 115.79.27.106:1001 discordapp.com tcp
FR 13.37.73.214:3128 tcp
US 141.193.213.3:80 discordapp.com tcp
US 141.193.213.3:80 discordapp.com tcp
US 141.193.213.3:80 discordapp.com tcp
US 141.193.213.3:80 discordapp.com tcp
TR 188.132.222.167:8080 tcp
US 198.12.255.193:34321 tcp
US 141.193.213.3:80 discordapp.com tcp
US 141.193.213.3:80 discordapp.com tcp
TH 8.213.197.208:80 discordapp.com tcp
US 141.193.213.3:80 discordapp.com tcp
DE 47.91.89.3:8080 discordapp.com tcp
US 141.193.213.3:80 discordapp.com tcp
US 8.8.8.8:53 92.41.245.157.in-addr.arpa udp
US 141.193.213.3:80 discordapp.com tcp
US 141.193.213.3:80 discordapp.com tcp
US 141.193.213.3:80 discordapp.com tcp
US 141.193.213.3:80 discordapp.com tcp
US 141.193.213.3:80 discordapp.com tcp
UY 201.221.9.105:8080 tcp
US 141.193.213.3:80 discordapp.com tcp
US 141.193.213.3:80 discordapp.com tcp
TH 124.121.44.54:8080 tcp
US 141.193.213.3:80 discordapp.com tcp
US 104.219.42.115:61710 tcp
US 141.193.213.3:80 discordapp.com tcp
RU 194.190.254.250:8080 tcp
US 8.8.8.8:53 3.89.91.47.in-addr.arpa udp
US 8.8.8.8:53 208.197.213.8.in-addr.arpa udp
ES 188.87.137.45:3128 tcp
TH 159.138.255.141:9050 tcp
JP 133.18.234.13:80 discordapp.com tcp
AR 190.114.143.226:8080 tcp
VN 101.36.102.238:8168 tcp
HR 212.92.204.54:80 tcp
US 104.22.60.191:80 tcp
VN 103.176.179.84:3128 tcp
US 8.8.8.8:53 141.255.138.159.in-addr.arpa udp
US 8.8.8.8:53 106.27.79.115.in-addr.arpa udp
US 8.8.8.8:53 191.60.22.104.in-addr.arpa udp
SG 8.222.158.0:15673 tcp
DE 47.91.89.3:8080 api.ipify.org tcp
CN 183.236.232.160:8080 tcp
FR 54.36.81.217:8080 tcp
AU 47.74.71.208:5678 tcp
FI 95.216.164.36:80 discordapp.com tcp
US 50.174.145.11:80 tcp
FI 95.216.164.36:80 discordapp.com tcp
NL 195.181.172.213:8081 tcp
US 8.8.8.8:53 36.164.216.95.in-addr.arpa udp
FI 95.216.164.36:80 discordapp.com tcp
SG 15.235.187.227:62640 tcp
FI 95.216.164.36:80 discordapp.com tcp
BZ 45.131.7.54:80 tcp
CN 183.236.232.160:8080 tcp
FI 95.216.164.36:80 discordapp.com tcp
CN 119.179.232.219:7890 tcp
FI 95.216.164.36:80 discordapp.com tcp
BR 191.252.219.129:8889 tcp
VE 45.234.60.2:999 tcp
FI 95.216.164.36:80 discordapp.com tcp
FI 95.216.164.36:80 discordapp.com tcp
RU 194.1.232.150:33333 tcp
FI 95.216.164.36:80 discordapp.com tcp
FI 95.216.164.36:80 discordapp.com tcp
FI 95.216.164.36:80 discordapp.com tcp
FI 95.216.164.36:80 discordapp.com tcp
US 165.227.0.192:80 tcp
FI 95.216.164.36:80 discordapp.com tcp
TR 88.249.206.216:1453 tcp
FI 95.216.164.36:80 discordapp.com tcp
TH 101.109.41.137:4153 tcp
FI 95.216.164.36:80 discordapp.com tcp
FI 95.216.164.36:80 discordapp.com tcp
AU 47.74.71.208:8090 tcp
US 72.210.221.197:4145 tcp
KH 110.74.195.34:25 tcp
US 50.174.7.154:80 discordapp.com tcp
FI 95.216.164.36:80 discordapp.com tcp
US 198.74.51.79:8888 discordapp.com tcp
FI 95.216.164.36:80 discordapp.com tcp
UA 178.251.111.116:24572 tcp
RS 178.253.208.146:1080 tcp
FI 95.216.164.36:80 discordapp.com tcp
US 198.74.51.79:8888 discordapp.com tcp
FI 95.216.164.36:80 discordapp.com tcp
US 8.8.8.8:53 137.41.109.101.in-addr.arpa udp
US 8.8.8.8:53 154.7.174.50.in-addr.arpa udp
US 8.8.8.8:53 79.51.74.198.in-addr.arpa udp
FI 95.216.164.36:80 discordapp.com tcp
ID 36.89.214.21:4480 tcp
US 198.74.51.79:8888 discordapp.com tcp
FI 95.216.164.36:80 discordapp.com tcp
VE 190.94.212.221:999 tcp
HK 47.76.144.139:3128 discordapp.com tcp
US 198.74.51.79:8888 discordapp.com tcp
FR 195.154.106.167:80 tcp
US 12.186.205.122:80 tcp
US 198.74.51.79:8888 discordapp.com tcp
BD 103.180.203.142:6969 tcp
US 198.74.51.79:8888 discordapp.com tcp
CN 117.26.40.70:2829 tcp
US 198.74.51.79:8888 discordapp.com tcp
US 8.8.8.8:53 139.144.76.47.in-addr.arpa udp
IR 5.160.32.34:8080 tcp
US 198.74.51.79:8888 discordapp.com tcp
US 104.254.238.122:39096 tcp
US 198.74.51.79:8888 discordapp.com tcp
BR 45.6.15.67:5678 tcp
BR 168.228.36.22:27234 tcp
US 198.74.51.79:8888 discordapp.com tcp
IN 115.187.50.99:5678 tcp
US 198.74.51.79:8888 discordapp.com tcp
GB 139.59.187.180:80 tcp
US 198.74.51.79:8888 discordapp.com tcp
MX 189.151.31.226:999 tcp
US 198.74.51.79:8888 discordapp.com tcp
BR 177.184.199.36:80 tcp
US 198.74.51.79:8888 discordapp.com tcp
US 198.74.51.79:8888 discordapp.com tcp
US 198.74.51.79:8888 discordapp.com tcp
ID 103.147.246.63:8181 tcp
US 35.209.198.222:80 tcp
IN 103.69.20.38:4145 tcp
US 198.74.51.79:8888 discordapp.com tcp
RU 94.28.30.252:8080 tcp
ID 202.154.19.195:8082 tcp
RS 109.122.88.194:5678 tcp
US 198.74.51.79:8888 discordapp.com tcp
BD 103.245.96.124:6969 tcp
GB 88.80.188.17:80 tcp
BD 27.147.209.215:8080 tcp
US 198.74.51.79:8888 discordapp.com tcp
US 165.227.104.122:48500 tcp
FR 81.250.223.126:80 tcp
AZ 81.17.94.50:47163 tcp
US 198.74.51.79:8888 discordapp.com tcp
JP 52.196.1.182:80 tcp
ZA 196.251.223.54:8104 tcp
AU 47.91.56.120:82 tcp
US 198.74.51.79:8888 discordapp.com tcp
US 47.252.1.180:3132 discordapp.com tcp
SG 110.238.111.229:6789 tcp
US 198.74.51.79:8888 discordapp.com tcp
BO 190.186.18.161:999 tcp
VN 125.212.192.245:8888 tcp
TR 188.132.222.16:8080 tcp
US 192.169.226.96:7251 tcp
US 161.35.100.178:80 discordapp.com tcp
US 8.8.8.8:53 180.1.252.47.in-addr.arpa udp
US 8.8.8.8:53 229.111.238.110.in-addr.arpa udp
US 8.8.8.8:53 178.100.35.161.in-addr.arpa udp
ID 103.158.252.86:80 tcp
PT 193.136.97.17:80 tcp
KR 8.213.137.155:8090 tcp
FR 51.15.254.129:16379 tcp
SG 8.222.184.251:15673 tcp
US 162.144.32.209:28687 tcp
NL 45.134.175.67:8085 tcp
US 8.8.8.8:53 155.137.213.8.in-addr.arpa udp
VN 27.77.227.66:1080 tcp
ZA 154.70.214.105:4145 tcp
GB 3.9.71.167:3128 discordapp.com tcp
IN 103.250.157.43:6666 tcp
CO 181.236.247.8:8899 tcp
MX 177.240.20.138:999 tcp
US 8.8.8.8:53 13.234.18.133.in-addr.arpa udp
US 162.241.207.217:80 tcp
JP 133.18.234.13:80 discordapp.com tcp
NL 188.166.15.142:54126 tcp
US 23.105.170.34:19801 tcp
FR 51.210.54.186:80 tcp
US 45.56.175.26:5700 discordapp.com tcp
FR 51.68.91.108:9996 tcp
DE 164.40.194.76:8080 tcp
GB 18.169.83.87:1080 tcp
BR 170.239.222.139:8080 tcp
DE 176.9.238.167:52533 tcp
ID 182.253.109.127:8080 tcp
US 8.8.8.8:53 186.54.210.51.in-addr.arpa udp
US 8.8.8.8:53 167.71.9.3.in-addr.arpa udp
US 8.8.8.8:53 26.175.56.45.in-addr.arpa udp
CN 114.224.134.221:7891 tcp
CL 45.4.3.136:999 tcp
US 193.227.129.196:22542 tcp
TH 159.138.252.45:20002 tcp
IN 103.147.98.122:8080 tcp
IN 103.25.47.130:8080 discordapp.com tcp
US 198.11.175.192:6969 tcp
US 8.8.8.8:53 130.47.25.103.in-addr.arpa udp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
DE 5.75.161.31:47519 tcp
BR 191.243.46.2:18283 tcp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
US 8.8.8.8:53 192.175.11.198.in-addr.arpa udp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
RU 5.228.237.214:8081 tcp
US 47.252.27.174:6789 discordapp.com tcp
AU 47.91.45.198:8443 tcp
BR 168.181.196.76:8080 tcp
US 8.8.8.8:53 174.27.252.47.in-addr.arpa udp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
DE 94.130.54.171:7396 tcp
US 104.20.75.36:80 tcp
AU 47.74.71.208:5678 tcp
RU 5.180.19.209:1080 tcp
AR 181.209.106.190:1080 tcp
SG 8.219.74.58:5000 tcp
US 8.8.8.8:53 36.75.20.104.in-addr.arpa udp
US 8.8.8.8:53 58.74.219.8.in-addr.arpa udp
EG 41.65.163.68:1981 tcp
DO 190.110.36.91:999 tcp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
BR 191.32.62.144:3128 tcp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
US 8.8.8.8:53 105.214.70.154.in-addr.arpa udp
US 8.8.8.8:53 8.247.236.181.in-addr.arpa udp
US 20.157.194.61:80 tcp
TW 114.32.176.158:4145 tcp
ID 36.89.85.249:5678 tcp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
EC 177.53.214.208:999 tcp
JP 133.18.234.13:80 discordapp.com tcp
ZA 154.70.214.105:4145 tcp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
DE 168.119.53.93:80 discordapp.com tcp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
US 8.8.8.8:53 93.53.119.168.in-addr.arpa udp
BR 45.190.141.241:1080 tcp
US 50.227.121.34:80 tcp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
SG 165.154.236.214:80 tcp
AR 168.90.255.60:999 tcp
ID 103.120.175.75:80 tcp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
BD 103.182.212.201:6969 tcp
NL 167.71.5.83:3128 tcp
FR 163.172.169.27:16379 tcp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
GT 181.114.7.114:999 tcp
TR 185.208.101.89:8080 tcp
JP 133.18.234.13:80 discordapp.com tcp
FR 164.132.170.100:80 tcp
VN 117.2.224.245:9305 tcp
ID 103.172.71.11:8080 tcp
US 156.228.96.141:3128 tcp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
BO 190.186.1.121:999 tcp
US 8.8.8.8:53 100.170.132.164.in-addr.arpa udp
US 8.8.8.8:53 141.96.228.156.in-addr.arpa udp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
GB 154.202.101.195:3128 tcp
IN 103.25.47.130:8080 login.jazenetworks.com tcp
ID 103.76.91.50:8080 tcp
ID 36.73.165.254:8080 tcp
KR 43.200.77.128:3128 tcp
US 66.29.129.52:42243 tcp
JP 133.18.234.13:80 discordapp.com tcp
TR 78.188.81.57:8080 tcp
PH 119.93.43.16:8082 tcp
BR 177.104.87.23:5678 tcp
US 8.8.8.8:53 128.77.200.43.in-addr.arpa udp
US 67.213.212.53:13423 tcp
DE 3.127.62.252:80 tcp
TH 101.51.121.141:4153 tcp
BD 114.130.86.145:5443 tcp
FR 54.38.176.200:33809 tcp
NL 89.20.184.90:8080 tcp
JP 47.245.34.161:5000 discordapp.com tcp
US 8.8.8.8:53 161.34.245.47.in-addr.arpa udp
TH 183.88.234.3:80 tcp
RU 95.31.5.29:54651 tcp
VE 201.71.2.248:999 tcp
IQ 202.164.194.41:4145 tcp
US 104.129.205.15:10289 tcp
CA 104.207.62.152:3128 discordapp.com tcp
US 12.186.205.123:80 tcp
BD 116.68.196.209:1080 tcp
BR 143.0.243.80:8080 tcp
NP 202.166.211.14:60606 tcp
US 47.252.1.180:2080 tcp
GB 154.201.33.17:3128 tcp
US 8.8.8.8:53 152.62.207.104.in-addr.arpa udp
IN 119.235.50.38:4153 tcp
BD 220.247.163.185:9990 tcp
DE 88.99.249.96:8116 tcp
KR 8.213.129.15:9999 tcp
GB 178.128.160.79:80 tcp
FR 51.158.108.134:16379 tcp
SG 8.219.43.134:20 tcp
US 203.85.120.69:8080 tcp
AL 217.21.148.50:33192 tcp
US 8.8.8.8:53 15.129.213.8.in-addr.arpa udp
ID 103.155.197.49:8080 tcp
UA 93.171.224.53:4153 tcp
DE 94.130.54.171:7166 tcp
US 104.143.250.209:5841 tcp
KR 34.64.85.78:3128 tcp
ES 92.119.74.49:5678 tcp
MX 201.151.252.120:80 tcp
US 8.8.8.8:53 134.43.219.8.in-addr.arpa udp
US 8.8.8.8:53 209.250.143.104.in-addr.arpa udp
CO 181.129.198.58:5678 tcp
ID 123.108.98.89:5678 tcp
IN 64.227.140.130:3128 tcp
TH 8.213.222.247:77 tcp
TW 125.229.149.169:65110 tcp
CN 183.165.244.37:8089 tcp
IR 46.209.16.180:3128 tcp
US 47.252.18.37:9080 discordapp.com tcp
IR 80.191.46.59:1080 tcp
RS 195.178.56.37:8080 tcp
US 8.8.8.8:53 247.222.213.8.in-addr.arpa udp
CA 67.43.236.20:7003 tcp
BR 177.130.104.106:33333 tcp
ID 43.229.254.200:64820 tcp
US 216.21.18.194:80 tcp
ID 101.255.150.50:8080 tcp
US 8.8.8.8:53 106.104.130.177.in-addr.arpa udp
US 8.8.8.8:53 37.18.252.47.in-addr.arpa udp
GB 8.211.194.78:8443 discordapp.com tcp
ID 124.158.186.254:8080 tcp
US 64.49.67.164:5678 tcp
US 8.8.8.8:53 78.194.211.8.in-addr.arpa udp
US 47.252.27.174:4145 tcp
KE 41.217.223.145:32650 tcp
CA 158.51.210.75:7777 tcp
ID 123.108.98.89:5678 tcp
US 8.8.8.8:53 89.98.108.123.in-addr.arpa udp
US 104.27.26.29:80 discordapp.com tcp
US 104.27.26.29:80 discordapp.com tcp
US 104.27.26.29:80 discordapp.com tcp
TR 176.235.139.35:10001 tcp
US 104.27.26.29:80 discordapp.com tcp
US 162.0.220.215:24410 tcp
US 8.8.8.8:53 29.26.27.104.in-addr.arpa udp
GB 8.211.194.78:8443 api.ipify.org tcp
UA 109.86.219.179:53438 tcp
US 5.161.78.72:80 tcp
UA 193.34.95.110:8080 tcp
NL 212.123.230.25:8181 tcp
US 104.27.26.29:80 discordapp.com tcp
US 104.27.26.29:80 discordapp.com tcp
GB 217.69.126.24:5894 discordapp.com tcp
US 104.27.26.29:80 discordapp.com tcp
BD 103.180.203.25:8085 tcp
US 8.8.8.8:53 24.126.69.217.in-addr.arpa udp
US 104.27.26.29:80 discordapp.com tcp
US 166.0.235.104:40184 tcp
US 104.27.26.29:80 discordapp.com tcp
US 104.27.26.29:80 discordapp.com tcp
DE 188.40.44.96:80 tcp
US 104.27.26.29:80 discordapp.com tcp
FR 13.37.73.214:3128 tcp
US 104.27.26.29:80 discordapp.com tcp
US 104.27.26.29:80 discordapp.com tcp
SA 169.148.1.90:8080 tcp
US 104.27.26.29:80 discordapp.com tcp
LY 165.16.60.212:8080 tcp
US 104.27.26.29:80 discordapp.com tcp
US 104.27.26.29:80 tcp

Files

C:\Users\Admin\AppData\Local\Temp\pkg\da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd\@primno\dpapi\prebuilds\win32-x64\node.napi.node

C:\Users\Admin\AppData\Local\Temp\pkg-XWTUsW\b9a7b76665d92af2d90cc6a15ffdc1a79635559cbc1c40bd1f83c4c4449cd442

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gg0sphrd.eae.ps1

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\Admin\AppData\Local\Temp\config.yml
