8fa8de0a86ed14662dda7d8e1ae24ef5950ff87c5525f3d801691cdd34279387

Analysis

max time kernel
37s
max time network
36s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-12-2024 14:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

31.7MB
MD5

c9cb2ab238b85bef33a7c9708bc11bab
SHA1

5ac1c74ef46442c318eebff12b3040f4384af845
SHA256

8fa8de0a86ed14662dda7d8e1ae24ef5950ff87c5525f3d801691cdd34279387
SHA512

ea2457277b1a3871cb531353b3377cbb7b547c0e86be9072120b43f34a44054f1fea9caae5eb8f1c59de5ec5127b4c61046631be8253d180fdceced7d67dc7bf
SSDEEP

786432:Twmur2zWxJcxqbtMyipVTXbByGHpm0UStynQNzxEjR4VzP:o0WxqxqZMFX5pxPzCYP

Score

8^/10

discovery evasion persistence privilege_escalation

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\drivers\etc\hosts.new	cmd.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts.new	cmd.exe

Modifies Windows Firewall 2 TTPs 2 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
3000	netsh.exe
4864	netsh.exe

Executes dropped EXE 6 IoCs

pid	Process
1392	wget.exe
5024	dnsx.exe
988	SetACL.exe
3528	SetACL.exe
1504	SetACL.exe
5116	SetACL.exe

Unexpected DNS network traffic destination 64 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	9.9.9.9

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ipconfig.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
448	PING.EXE

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
72	ipconfig.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
2952	taskkill.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
448	PING.EXE

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeDebugPrivilege	2356	taskmgr.exe
Token: SeSystemProfilePrivilege	2356	taskmgr.exe
Token: SeCreateGlobalPrivilege	2356	taskmgr.exe
Token: 33	2356	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2356	taskmgr.exe
Token: SeBackupPrivilege	988	SetACL.exe
Token: SeRestorePrivilege	988	SetACL.exe
Token: SeSecurityPrivilege	988	SetACL.exe
Token: SeSecurityPrivilege	988	SetACL.exe
Token: SeBackupPrivilege	3528	SetACL.exe
Token: SeRestorePrivilege	3528	SetACL.exe
Token: SeTakeOwnershipPrivilege	3528	SetACL.exe
Token: SeDebugPrivilege	2952	taskkill.exe
Token: SeBackupPrivilege	1504	SetACL.exe
Token: SeRestorePrivilege	1504	SetACL.exe
Token: SeBackupPrivilege	5116	SetACL.exe
Token: SeRestorePrivilege	5116	SetACL.exe
Token: SeTakeOwnershipPrivilege	5116	SetACL.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe
2356	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 1912	1984	setup.exe	77
PID 1984 wrote to memory of 1912	1984	setup.exe	77
PID 1984 wrote to memory of 1912	1984	setup.exe	77
PID 1984 wrote to memory of 3548	1984	setup.exe	79
PID 1984 wrote to memory of 3548	1984	setup.exe	79
PID 1984 wrote to memory of 3548	1984	setup.exe	79
PID 1984 wrote to memory of 2056	1984	setup.exe	81
PID 1984 wrote to memory of 2056	1984	setup.exe	81
PID 1984 wrote to memory of 2056	1984	setup.exe	81
PID 2056 wrote to memory of 3000	2056	cmd.exe	83
PID 2056 wrote to memory of 3000	2056	cmd.exe	83
PID 2056 wrote to memory of 3000	2056	cmd.exe	83
PID 2056 wrote to memory of 448	2056	cmd.exe	84
PID 2056 wrote to memory of 448	2056	cmd.exe	84
PID 2056 wrote to memory of 448	2056	cmd.exe	84
PID 2056 wrote to memory of 72	2056	cmd.exe	85
PID 2056 wrote to memory of 72	2056	cmd.exe	85
PID 2056 wrote to memory of 72	2056	cmd.exe	85
PID 2056 wrote to memory of 4864	2056	cmd.exe	86
PID 2056 wrote to memory of 4864	2056	cmd.exe	86
PID 2056 wrote to memory of 4864	2056	cmd.exe	86
PID 4864 wrote to memory of 3692	4864	cmd.exe	87
PID 4864 wrote to memory of 3692	4864	cmd.exe	87
PID 4864 wrote to memory of 3692	4864	cmd.exe	87
PID 4864 wrote to memory of 3292	4864	cmd.exe	88
PID 4864 wrote to memory of 3292	4864	cmd.exe	88
PID 4864 wrote to memory of 3292	4864	cmd.exe	88
PID 2056 wrote to memory of 3732	2056	cmd.exe	89
PID 2056 wrote to memory of 3732	2056	cmd.exe	89
PID 2056 wrote to memory of 3732	2056	cmd.exe	89
PID 3732 wrote to memory of 2140	3732	cmd.exe	90
PID 3732 wrote to memory of 2140	3732	cmd.exe	90
PID 3732 wrote to memory of 2140	3732	cmd.exe	90
PID 3732 wrote to memory of 2684	3732	cmd.exe	91
PID 3732 wrote to memory of 2684	3732	cmd.exe	91
PID 3732 wrote to memory of 2684	3732	cmd.exe	91
PID 2056 wrote to memory of 4312	2056	cmd.exe	92
PID 2056 wrote to memory of 4312	2056	cmd.exe	92
PID 2056 wrote to memory of 4312	2056	cmd.exe	92
PID 4312 wrote to memory of 4696	4312	cmd.exe	93
PID 4312 wrote to memory of 4696	4312	cmd.exe	93
PID 4312 wrote to memory of 4696	4312	cmd.exe	93
PID 4312 wrote to memory of 4692	4312	cmd.exe	94
PID 4312 wrote to memory of 4692	4312	cmd.exe	94
PID 4312 wrote to memory of 4692	4312	cmd.exe	94
PID 2056 wrote to memory of 1392	2056	cmd.exe	95
PID 2056 wrote to memory of 1392	2056	cmd.exe	95
PID 2056 wrote to memory of 2004	2056	cmd.exe	96
PID 2056 wrote to memory of 2004	2056	cmd.exe	96
PID 2056 wrote to memory of 2004	2056	cmd.exe	96
PID 2056 wrote to memory of 4012	2056	cmd.exe	97
PID 2056 wrote to memory of 4012	2056	cmd.exe	97
PID 2056 wrote to memory of 4012	2056	cmd.exe	97
PID 4012 wrote to memory of 608	4012	cmd.exe	98
PID 4012 wrote to memory of 608	4012	cmd.exe	98
PID 4012 wrote to memory of 608	4012	cmd.exe	98
PID 4012 wrote to memory of 1860	4012	cmd.exe	99
PID 4012 wrote to memory of 1860	4012	cmd.exe	99
PID 4012 wrote to memory of 1860	4012	cmd.exe	99
PID 2056 wrote to memory of 1084	2056	cmd.exe	100
PID 2056 wrote to memory of 1084	2056	cmd.exe	100
PID 2056 wrote to memory of 1084	2056	cmd.exe	100
PID 2056 wrote to memory of 3744	2056	cmd.exe	101
PID 2056 wrote to memory of 3744	2056	cmd.exe	101

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c CD /d "%sfxpath:~0,-20%\Adobe 2025" && Set-up.exe
  2⤵
  PID:1912
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c IF EXIST "C:\Program Files\Maxon Cinema 4D 2024\Cinema 4D.exe" ( REN "C:\Program Files\Maxon Cinema 4D 2024\Cinema 4D.exe" "Cinema 4D.yes" && XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\Cinema 4D.exe" "C:\Program Files\Maxon Cinema 4D 2024" )
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3548
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Adobe Temp\BlockIPs.cmd" "
  2⤵
  - Drops file in Drivers directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2056
- - C:\Windows\SysWOW64\netsh.exe
    netsh advfirewall firewall delete rule name="Adobe Unlicensed Pop-up" dir=out
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    PID:3000
- - C:\Windows\SysWOW64\PING.EXE
    ping -4 -n 2 8.8.8.8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:448
- - C:\Windows\SysWOW64\findstr.exe
    findstr /i /l /c:"TTL="
    3⤵
    PID:72
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 2>nul nslookup -type=ns ic.adobe.io|findstr /i /l /c:"nameserver = "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4864
  - - C:\Windows\SysWOW64\nslookup.exe
      nslookup -type=ns ic.adobe.io
      4⤵
      PID:3692
  - - C:\Windows\SysWOW64\findstr.exe
      findstr /i /l /c:"nameserver = "
      4⤵
      PID:3292
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 2>nul nslookup -type=ns ic.adobe.io|findstr /i /l /c:"nameserver = "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3732
  - - C:\Windows\SysWOW64\nslookup.exe
      nslookup -type=ns ic.adobe.io
      4⤵
      PID:2140
  - - C:\Windows\SysWOW64\findstr.exe
      findstr /i /l /c:"nameserver = "
      4⤵
      PID:2684
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 2>nul nslookup -type=ns ic.adobe.io|findstr /i /l /c:"nameserver = "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4312
  - - C:\Windows\SysWOW64\nslookup.exe
      nslookup -type=ns ic.adobe.io
      4⤵
      PID:4696
  - - C:\Windows\SysWOW64\findstr.exe
      findstr /i /l /c:"nameserver = "
      4⤵
      PID:4692
- - C:\Users\Admin\AppData\Local\Temp\Adobe Temp\wget.exe
    "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\wget.exe" -nv --no-check-certificate -O- "https://a.dove.isdumb.one/pihole.txt"
    3⤵
    - Executes dropped EXE
    PID:1392
- - C:\Windows\SysWOW64\findstr.exe
    findstr /r /v /c:"^[ \t]*#"
    3⤵
    PID:2004
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c type "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\pihole_new.txt"|find /c /v ""
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4012
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" type "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\pihole_new.txt""
      4⤵
      PID:608
  - - C:\Windows\SysWOW64\find.exe
      find /c /v ""
      4⤵
      PID:1860
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" type "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\pihole.txt""
    3⤵
    PID:1084
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /i /c:".adobestats.io"
    3⤵
    PID:3744
- - C:\Users\Admin\AppData\Local\Temp\Adobe Temp\dnsx.exe
    "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\dnsx.exe" -t 100 -retry 2 -silent -resp-only
    3⤵
    - Executes dropped EXE
    PID:5024
- - C:\Windows\SysWOW64\sort.exe
    sort /unique
    3⤵
    PID:3552
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c type "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\iplist_new.txt"|find /c /v ""
    3⤵
    PID:4852
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" type "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\iplist_new.txt""
      4⤵
      System Location Discovery: System Language Discovery
      PID:1000
  - - C:\Windows\SysWOW64\find.exe
      find /c /v ""
      4⤵
      PID:5088
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,"
    3⤵
    PID:1020
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",108.138.217.102,"
    3⤵
    PID:4308
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,"
    3⤵
    PID:4668
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",108.138.217.18,"
    3⤵
    PID:1408
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,"
    3⤵
    PID:2832
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",108.138.217.19,"
    3⤵
    PID:2456
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5092
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",108.138.217.92,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5044
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,"
    3⤵
    PID:2276
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",108.138.233.117,"
    3⤵
    PID:1964
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:868
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",108.138.233.36,"
    3⤵
    PID:672
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1092
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",108.138.233.62,"
    3⤵
    PID:2444
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,"
    3⤵
    PID:416
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",108.138.233.86,"
    3⤵
    PID:1548
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,"
    3⤵
    PID:380
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",108.138.7.117,"
    3⤵
    PID:4848
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,"
    3⤵
    PID:3012
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",108.138.7.47,"
    3⤵
    PID:4484
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,"
    3⤵
    PID:4176
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",108.138.7.8,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1532
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3624
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",108.138.7.97,"
    3⤵
    PID:1620
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,"
    3⤵
    PID:1296
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",13.224.222.118,"
    3⤵
    PID:4948
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,"
    3⤵
    PID:4808
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",13.224.222.57,"
    3⤵
    PID:2804
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4888
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",13.224.222.91,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1976
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,"
    3⤵
    PID:1680
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",13.224.222.93,"
    3⤵
    PID:4892
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,"
    3⤵
    PID:5020
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",13.249.9.36,"
    3⤵
    PID:4004
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4592
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",13.249.9.46,"
    3⤵
    PID:4600
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,"
    3⤵
    PID:4576
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",13.249.9.8,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3664
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,"
    3⤵
    PID:1040
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",13.249.9.90,"
    3⤵
    PID:3584
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4524
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",13.32.27.111,"
    3⤵
    PID:3648
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2812
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",13.32.27.114,"
    3⤵
    PID:548
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3156
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",13.32.27.28,"
    3⤵
    PID:5104
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,"
    3⤵
    PID:1076
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",13.32.27.49,"
    3⤵
    PID:3128
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1188
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",143.204.215.2,"
    3⤵
    PID:3548
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3332
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",143.204.215.27,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2860
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3680
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",143.204.215.40,"
    3⤵
    PID:1064
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,"
    3⤵
    PID:636
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",143.204.215.74,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3696
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,"
    3⤵
    PID:4480
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",143.204.68.16,"
    3⤵
    PID:3160
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,"
    3⤵
    PID:5084
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",143.204.68.23,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3292
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,"
    3⤵
    PID:2100
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",143.204.68.39,"
    3⤵
    PID:1060
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3176
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",143.204.68.70,"
    3⤵
    PID:988
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,"
    3⤵
    PID:2684
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.154.84.101,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2256
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,"
    3⤵
    PID:1512
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.154.84.110,"
    3⤵
    PID:4696
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,"
    3⤵
    PID:4740
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.154.84.114,"
    3⤵
    PID:4312
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,"
    3⤵
    PID:5016
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.154.84.121,"
    3⤵
    PID:1440
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,"
    3⤵
    PID:3920
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.164.52.13,"
    3⤵
    PID:4712
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,"
    3⤵
    PID:2500
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.164.52.20,"
    3⤵
    PID:1756
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,"
    3⤵
    PID:1436
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.164.52.33,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1568
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,"
    3⤵
    PID:4996
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.164.52.52,"
    3⤵
    PID:1392
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,"
    3⤵
    PID:2344
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.172.153.103,"
    3⤵
    PID:948
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,"
    3⤵
    PID:2192
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.172.153.108,"
    3⤵
    PID:4548
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3420
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.172.153.23,"
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,"
    3⤵
    PID:3784
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.172.153.24,"
    3⤵
    PID:3328
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,"
    3⤵
    PID:4508
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.239.236.11,"
    3⤵
    PID:844
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,"
    3⤵
    PID:2160
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.239.236.119,"
    3⤵
    PID:1464
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,"
    3⤵
    PID:1504
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.239.236.79,"
    3⤵
    PID:1888
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,"
    3⤵
    PID:4152
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.239.236.89,"
    3⤵
    PID:3720
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,"
    3⤵
    PID:3144
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.124.100,"
    3⤵
    PID:5056
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1884
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.124.101,"
    3⤵
    PID:1308
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,"
    3⤵
    PID:1540
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.124.102,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2036
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2528
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.124.119,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3084
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3120
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.124.20,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4444
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,"
    3⤵
    PID:876
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.124.47,"
    3⤵
    PID:3860
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5116
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.124.50,"
    3⤵
    PID:5108
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,"
    3⤵
    PID:4416
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.124.8,"
    3⤵
    PID:3744
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,"
    3⤵
    PID:1200
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.164.129,"
    3⤵
    PID:1544
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,"
    3⤵
    PID:5088
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.164.30,"
    3⤵
    PID:4360
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,"
    3⤵
    PID:4228
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.164.64,"
    3⤵
    PID:824
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,"
    3⤵
    PID:4668
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.164.66,"
    3⤵
    PID:1408
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,"
    3⤵
    PID:2832
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.28.10,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4920
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,"
    3⤵
    PID:1892
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.28.102,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5044
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1688
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.28.112,"
    3⤵
    PID:1444
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,"
    3⤵
    PID:672
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.28.12,"
    3⤵
    PID:1812
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,"
    3⤵
    PID:2444
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.28.18,"
    3⤵
    PID:3824
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,"
    3⤵
    PID:1548
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.28.29,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2768
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3164
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.28.40,"
    3⤵
    PID:3636
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5008
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.28.46,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1952
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,"
    3⤵
    PID:1692
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.28.56,"
    3⤵
    PID:3080
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,"
    3⤵
    PID:1620
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.28.57,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:400
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,"
    3⤵
    PID:4948
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.28.63,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:460
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2804
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.244.28.74,"
    3⤵
    PID:4500
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,"
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.245.143.124,"
    3⤵
    PID:4796
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,"
    3⤵
    PID:4452
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.245.143.34,"
    3⤵
    PID:1404
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,"
    3⤵
    PID:4616
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.245.143.36,"
    3⤵
    PID:4620
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,"
    3⤵
    PID:4600
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.245.143.53,"
    3⤵
    PID:3560
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3664
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.245.162.16,"
    3⤵
    PID:2796
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,"
    3⤵
    PID:2412
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.245.162.79,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1904
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,"
    3⤵
    PID:2800
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.245.162.90,"
    3⤵
    PID:1744
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,"
    3⤵
    PID:3396
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.245.162.94,"
    3⤵
    PID:2440
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,"
    3⤵
    PID:2284
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.245.175.100,"
    3⤵
    PID:1988
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,"
    3⤵
    PID:1912
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.245.175.55,"
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4128
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.245.175.6,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3300
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,"
    3⤵
    PID:1188
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",18.245.175.84,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4968
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,"
    3⤵
    PID:4192
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",3.162.38.108,"
    3⤵
    PID:2860
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,"
    3⤵
    PID:3324
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",3.162.38.116,"
    3⤵
    PID:3116
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,"
    3⤵
    PID:636
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",3.162.38.123,"
    3⤵
    PID:448
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,"
    3⤵
    PID:72
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",3.162.38.38,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2808
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5084
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",3.162.38.47,"
    3⤵
    PID:3488
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,"
    3⤵
    PID:3424
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",3.162.38.59,"
    3⤵
    PID:1856
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,"
    3⤵
    PID:3176
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",3.162.38.78,"
    3⤵
    PID:3096
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2684
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",3.162.38.97,"
    3⤵
    PID:2240
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,"
    3⤵
    PID:1512
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",3.164.163.35,"
    3⤵
    PID:4692
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,"
    3⤵
    PID:1268
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",3.164.163.46,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3900
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,"
    3⤵
    PID:3528
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",3.164.163.8,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3464
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,"
    3⤵
    PID:3920
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",3.164.163.83,"
    3⤵
    PID:5068
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1432
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",52.222.149.110,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2500
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,"
    3⤵
    PID:1312
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",52.222.149.128,"
    3⤵
    PID:1436
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,52.222.149.128,"
    3⤵
    PID:3104
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",52.222.149.20,"
    3⤵
    PID:4996
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,52.222.149.128,52.222.149.20,"
    3⤵
    PID:1656
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",52.222.149.29,"
    3⤵
    PID:2344
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,52.222.149.128,52.222.149.20,52.222.149.29,"
    3⤵
    PID:4544
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",52.222.149.30,"
    3⤵
    PID:2192
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,52.222.149.128,52.222.149.20,52.222.149.29,52.222.149.30,"
    3⤵
    PID:1708
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",52.222.149.36,"
    3⤵
    PID:2616
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,52.222.149.128,52.222.149.20,52.222.149.29,52.222.149.30,52.222.149.36,"
    3⤵
    PID:3896
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",52.222.149.6,"
    3⤵
    PID:4868
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,52.222.149.128,52.222.149.20,52.222.149.29,52.222.149.30,52.222.149.36,52.222.149.6,"
    3⤵
    PID:3864
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",52.222.149.85,"
    3⤵
    PID:2352
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,52.222.149.128,52.222.149.20,52.222.149.29,52.222.149.30,52.222.149.36,52.222.149.6,52.222.149.85,"
    3⤵
    PID:1948
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",52.222.236.116,"
    3⤵
    PID:4516
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,52.222.149.128,52.222.149.20,52.222.149.29,52.222.149.30,52.222.149.36,52.222.149.6,52.222.149.85,52.222.236.116,"
    3⤵
    PID:844
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",52.222.236.25,"
    3⤵
    PID:3032
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,52.222.149.128,52.222.149.20,52.222.149.29,52.222.149.30,52.222.149.36,52.222.149.6,52.222.149.85,52.222.236.116,52.222.236.25,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1464
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",52.222.236.70,"
    3⤵
    PID:4572
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,52.222.149.128,52.222.149.20,52.222.149.29,52.222.149.30,52.222.149.36,52.222.149.6,52.222.149.85,52.222.236.116,52.222.236.25,52.222.236.70,"
    3⤵
    PID:1888
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",52.222.236.97,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4896
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,52.222.149.128,52.222.149.20,52.222.149.29,52.222.149.30,52.222.149.36,52.222.149.6,52.222.149.85,52.222.236.116,52.222.236.25,52.222.236.70,52.222.236.97,"
    3⤵
    PID:4832
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",52.84.174.106,"
    3⤵
    PID:4340
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,52.222.149.128,52.222.149.20,52.222.149.29,52.222.149.30,52.222.149.36,52.222.149.6,52.222.149.85,52.222.236.116,52.222.236.25,52.222.236.70,52.222.236.97,52.84.174.106,"
    3⤵
    PID:4844
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",52.84.174.108,"
    3⤵
    PID:5056
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,52.222.149.128,52.222.149.20,52.222.149.29,52.222.149.30,52.222.149.36,52.222.149.6,52.222.149.85,52.222.236.116,52.222.236.25,52.222.236.70,52.222.236.97,52.84.174.106,52.84.174.108,"
    3⤵
    PID:2072
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",52.84.174.73,"
    3⤵
    PID:1308
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,52.222.149.128,52.222.149.20,52.222.149.29,52.222.149.30,52.222.149.36,52.222.149.6,52.222.149.85,52.222.236.116,52.222.236.25,52.222.236.70,52.222.236.97,52.84.174.106,52.84.174.108,52.84.174.73,"
    3⤵
    PID:3320
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",52.84.174.97,"
    3⤵
    PID:2036
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,52.222.149.128,52.222.149.20,52.222.149.29,52.222.149.30,52.222.149.36,52.222.149.6,52.222.149.85,52.222.236.116,52.222.236.25,52.222.236.70,52.222.236.97,52.84.174.106,52.84.174.108,52.84.174.73,52.84.174.97,"
    3⤵
    PID:2528
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",99.86.114.26,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4264
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,52.222.149.128,52.222.149.20,52.222.149.29,52.222.149.30,52.222.149.36,52.222.149.6,52.222.149.85,52.222.236.116,52.222.236.25,52.222.236.70,52.222.236.97,52.84.174.106,52.84.174.108,52.84.174.73,52.84.174.97,99.86.114.26,"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3120
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",99.86.114.40,"
    3⤵
    PID:2504
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,52.222.149.128,52.222.149.20,52.222.149.29,52.222.149.30,52.222.149.36,52.222.149.6,52.222.149.85,52.222.236.116,52.222.236.25,52.222.236.70,52.222.236.97,52.84.174.106,52.84.174.108,52.84.174.73,52.84.174.97,99.86.114.26,99.86.114.40,"
    3⤵
    PID:876
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",99.86.114.7,"
    3⤵
    PID:2324
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,52.222.149.128,52.222.149.20,52.222.149.29,52.222.149.30,52.222.149.36,52.222.149.6,52.222.149.85,52.222.236.116,52.222.236.25,52.222.236.70,52.222.236.97,52.84.174.106,52.84.174.108,52.84.174.73,52.84.174.97,99.86.114.26,99.86.114.40,99.86.114.7,"
    3⤵
    PID:3684
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /c:",99.86.114.9,"
    3⤵
    PID:4296
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /i /v /c:".adobe.io" "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\pihole.txt"
    3⤵
    PID:3552
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /i /v /c:".adobestats.io"
    3⤵
    PID:5024
- - C:\Windows\SysWOW64\findstr.exe
    findstr /l /i /v /g:"C:\Users\Admin\AppData\Local\Temp\Adobe Temp\hosts.txt" "C:\Windows\system32\drivers\etc\hosts"
    3⤵
    PID:1200
- - C:\Windows\SysWOW64\ipconfig.exe
    ipconfig /flushdns
    3⤵
    - System Location Discovery: System Language Discovery
    - Gathers network information
    PID:72
- - C:\Windows\SysWOW64\netsh.exe
    netsh advfirewall firewall add rule name="Adobe Unlicensed Pop-up" dir=out action=block remoteip=,108.138.217.102,108.138.217.18,108.138.217.19,108.138.217.92,108.138.233.117,108.138.233.36,108.138.233.62,108.138.233.86,108.138.7.117,108.138.7.47,108.138.7.8,108.138.7.97,13.224.222.118,13.224.222.57,13.224.222.91,13.224.222.93,13.249.9.36,13.249.9.46,13.249.9.8,13.249.9.90,13.32.27.111,13.32.27.114,13.32.27.28,13.32.27.49,143.204.215.2,143.204.215.27,143.204.215.40,143.204.215.74,143.204.68.16,143.204.68.23,143.204.68.39,143.204.68.70,18.154.84.101,18.154.84.110,18.154.84.114,18.154.84.121,18.164.52.13,18.164.52.20,18.164.52.33,18.164.52.52,18.172.153.103,18.172.153.108,18.172.153.23,18.172.153.24,18.239.236.11,18.239.236.119,18.239.236.79,18.239.236.89,18.244.124.100,18.244.124.101,18.244.124.102,18.244.124.119,18.244.124.20,18.244.124.47,18.244.124.50,18.244.124.8,18.244.164.129,18.244.164.30,18.244.164.64,18.244.164.66,18.244.28.10,18.244.28.102,18.244.28.112,18.244.28.12,18.244.28.18,18.244.28.29,18.244.28.40,18.244.28.46,18.244.28.56,18.244.28.57,18.244.28.63,18.244.28.74,18.245.143.124,18.245.143.34,18.245.143.36,18.245.143.53,18.245.162.16,18.245.162.79,18.245.162.90,18.245.162.94,18.245.175.100,18.245.175.55,18.245.175.6,18.245.175.84,3.162.38.108,3.162.38.116,3.162.38.123,3.162.38.38,3.162.38.47,3.162.38.59,3.162.38.78,3.162.38.97,3.164.163.35,3.164.163.46,3.164.163.8,3.164.163.83,52.222.149.110,52.222.149.128,52.222.149.20,52.222.149.29,52.222.149.30,52.222.149.36,52.222.149.6,52.222.149.85,52.222.236.116,52.222.236.25,52.222.236.70,52.222.236.97,52.84.174.106,52.84.174.108,52.84.174.73,52.84.174.97,99.86.114.26,99.86.114.40,99.86.114.7,99.86.114.9, enable=yes
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    PID:4864
- C:\Users\Admin\AppData\Local\Temp\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\setup.exe" -sfxwaitall:1 "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\SetACL.exe" -on "C:\Program Files\WindowsApps" -ot file -actn list -lst "f:sddl;w:d,s,o" -bckp "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\regrights.bkp"
  2⤵
  PID:2140
- - C:\Users\Admin\AppData\Local\Temp\Adobe Temp\SetACL.exe
    "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\SetACL.exe" -on "C:\Program Files\WindowsApps" -ot file -actn list -lst "f:sddl;w:d,s,o" -bckp "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\regrights.bkp"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:988
- C:\Users\Admin\AppData\Local\Temp\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\setup.exe" -sfxwaitall:1 "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\SetACL.exe" -on "C:\Program Files\WindowsApps" -ot file -actn setowner -ownr "n:OKUUPVQN\Admin"
  2⤵
  PID:2876
- - C:\Users\Admin\AppData\Local\Temp\Adobe Temp\SetACL.exe
    "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\SetACL.exe" -on "C:\Program Files\WindowsApps" -ot file -actn setowner -ownr "n:OKUUPVQN\Admin"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:3528
- C:\Users\Admin\AppData\Local\Temp\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\setup.exe" -sfxwaitall:1 "TASKKILL" /f /im XD.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:948
- - C:\Windows\SysWOW64\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /f /im XD.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2952
- C:\Users\Admin\AppData\Local\Temp\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\setup.exe" -sfxwaitall:1 "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\SetACL.exe" -on "C:\Program Files\WindowsApps" -ot file -actn ace -ace " "n:OKUUPVQN\Admin;p:full"
  2⤵
  PID:1724
- - C:\Users\Admin\AppData\Local\Temp\Adobe Temp\SetACL.exe
    "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\SetACL.exe" -on "C:\Program Files\WindowsApps" -ot file -actn ace -ace " "n:OKUUPVQN\Admin;p:full"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:1504
- C:\Users\Admin\AppData\Local\Temp\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\setup.exe" -sfxwaitall:1 "rewrite.cmd"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2072
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Adobe Temp\rewrite.cmd" "
    3⤵
    PID:3084
- C:\Users\Admin\AppData\Local\Temp\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\setup.exe" -sfxwaitall:1 "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\SetACL.exe" -on "C:\Program Files\WindowsApps" -ot file -actn restore -bckp "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\regrights.bkp"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3656
- - C:\Users\Admin\AppData\Local\Temp\Adobe Temp\SetACL.exe
    "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\SetACL.exe" -on "C:\Program Files\WindowsApps" -ot file -actn restore -bckp "C:\Users\Admin\AppData\Local\Temp\Adobe Temp\regrights.bkp"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:5116

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2356

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Adobe Temp\BlockIPs.cmd

Filesize
2KB

MD5
70532eba6100358f5ba7620d9b2a0843

SHA1
39d9789b2b5d130e4e36f80ac9211554eb1e06a4

SHA256
5259badc06ba77606c3c01a54ceab7175c3a237668d3eabb4445c38fe6cd9998

SHA512
58a7076cc0137ef2a6d41475f1063396e98461958b59a8d804c61cc5e59c08b838f55cc2c4596363aeccd0278ee24323c6404555013ee054f7cfcc5005bf5269

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe Temp\SetACL.exe

Filesize
446KB

MD5
585469f5f4871c02cc09cafa250d4251

SHA1
bbe610009c2b1e44a4cc8ab59cbaf5ff7607aaa1

SHA256
55ecd80cb9067ee166e183a92444b65fe3f97f9469060ded4cd2ef6fdf61d748

SHA512
54fe6646ba6a00a28354e5009e644a86a8244f8405f56b5a2f6471997078f1d9effdf38e6b6600d8ec19a5f2d23fa2765ccd231e4b0040dbbf3638884bb5008d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe Temp\dnsx.exe

Filesize
5.2MB

MD5
47c028f041c83817250e3d49126a8c88

SHA1
90d6227650262785364ed4443974aa564e177140

SHA256
9f7a353258017c04c5197379f5f5f6821e32712346c9ac4611313b2712805120

SHA512
fb825b00e8c482b08d975fc86bd3584ca8eeb492f29fe890ec0c5f0442f2aba13fc76461dba66c5cfd88979162a40d3726ac51f7764364dbc5741753c57f35f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe Temp\hosts.txt

Filesize
112B

MD5
98e1a887639b906388d97005b3933289

SHA1
0f80732961b92ab0f17038759c9325d88bdb3ff0

SHA256
0f043637e9dcd4bc4d5db815f1aaf6b335e844f07454edd40fd97858d642910a

SHA512
52b705b16059053897e4bbae4c5a208ae661cd8636d1943784d9dd192e6ef4bcff7a14d62db7b166013ec23fea359f28ac2be4e02655c034100575a9d2832e14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe Temp\iplist_new.txt

Filesize
1KB

MD5
a224233bd926a61700ed10573ea03ce8

SHA1
e488c4df4f8dcdc55339204c3e71be10008883ac

SHA256
2269ae7fdc1a03b9b75536313289d249cc9c969da9e0ce9f1906c061710faed0

SHA512
1aaf6653a49ab9db04afd4d9ab95abe2d563a95ab32c694abdc000dcbde6b5f78d1afe4075e31e483ea28d48ef7099ddd243eac9ca5f0f597ab794f8ea3b1511

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe Temp\pihole_new.txt

Filesize
27KB

MD5
9891139457690ff21a115079d19d6d3e

SHA1
373d1f2cd5fcf16f5dc717c5661c99262a71ecd1

SHA256
24b2b7a1f8823739e44f8bc0c495ce65dbd92b8e922e84e4f6b652fee8ea4f7b

SHA512
5839e80676608040171d3f8a56ca15ca71bc3ed742ad6d7f1a3f8696365a86ca80da0a2a62d3e8e01620885ba39bd7d133213a05667a039014d0a227cc9f5576

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe Temp\regrights.bkp

Filesize
1KB

MD5
170cb538ac555436b9375d0ec5d4db3a

SHA1
9e594e48a78c4cb78df307015dd8292b18556e13

SHA256
87d446878296a5ace87a9d7346c4c1f2f23513ace43562095ffeff3b7fb710b8

SHA512
f4c8b6e0156705555e75e3f5754d244fd17b7e7063e3d8f96661701e49c481e3176daa469f99b62cb4f5373ba44912a05600816d01597e7e5007c6b2ba40ef14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe Temp\rewrite.cmd

Filesize
186B

MD5
9516f0352c17a93891d0237ca53cada7

SHA1
b3b50f2bc52d125a013c7d1c7149ceae3cd52651

SHA256
2a9b4ded879d8cce2cab4cde668ec5f26f055f5945422f38e16b0362b269e6a2

SHA512
2d0529a29f5ec9b569d9e25ad8e47c28b0e3cf8fcb937d712302fb3970416caca4576340ce045a353e5eb4b6234276e328abf987122375da5fc232faeff57584

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe Temp\wget.exe

Filesize
651KB

MD5
b1f557bd6a97a95cff5dbcc55bf6e9bb

SHA1
7348f2a84e354748c08b6029b1fe328b181bf568

SHA256
a6093f8f40f90ad576b0463fb352318416ea24265d3e8f43d4f7f3723f7e7f77

SHA512
2a7c88d12f440bcfe1e1be359f80f10efa4a4464b738661a7ffec4bfeeed60ca90fed42a573532cea46d6a0b8447c7111f340845fdeeb048188a2ccb704d9e99

Download Submit
C:\Windows\System32\drivers\etc\hosts.new

Filesize
4KB

MD5
814e4c204511781ad4918ac5cead4003

SHA1
51d6b6f3456b5c36ddd378d77aa3f693ad098db0

SHA256
6e7297ab644cf2ec11b8d0f549a83592b8f860c8de2b9ca12c19c5ad028122a0

SHA512
da50cbdfb0333c058225bc4a887c95d8d3d5ab87a883b4681fd0c4b9691077c9dacc9b2030cd47a5ea6d228caabdf739f6683f7e2a3e4e16b604b4d3dc179a49

Download Submit
C:\Windows\System32\drivers\etc\hosts.new

Filesize
4KB

MD5
102dde68a1761da6802ba8daf594fadc

SHA1
b58f5fcb23f5eb96a7ea178a6718af46a16a66e1

SHA256
d6c6f76744f2a0e56c78229aa0ffc64bda47d2e7be2c04105f80a6b5b1bb4874

SHA512
dca31b2d9b69f0516ae824c174e6f792a4f3c0cc2215dab57a0a42f64002ec4fc0013a09792fe0b264486c3ef15e4900516e587c0046eab056925161405614c1

Download Submit
C:\Windows\System32\drivers\etc\hosts.new

Filesize
2KB

MD5
716ae9ba9a10e03b0dbe73df1e8376db

SHA1
3164af91884f4f3f490fd2d09b9bf3c7fd741e85

SHA256
91b738fb05f9f5d26c9109d08896e58c8a4a09b3571d59c328e1eab4bb06f604

SHA512
f618a87cb279289f0a9b27360c4c272b44f457bd8196e7ac05ed12dc9b440ef72ac0543f24207d8bb8a30fda122425a07af51da4e527b5b512e3a3e53794df63

Download Submit
memory/1392-23-0x00007FF7A0830000-0x00007FF7A08E2000-memory.dmp

Filesize
712KB

Download
memory/2356-32-0x000002D5C98D0000-0x000002D5C98D1000-memory.dmp

Filesize
4KB

Download
memory/2356-36-0x000002D5C98D0000-0x000002D5C98D1000-memory.dmp

Filesize
4KB

Download
memory/2356-37-0x000002D5C98D0000-0x000002D5C98D1000-memory.dmp

Filesize
4KB

Download
memory/2356-39-0x000002D5C98D0000-0x000002D5C98D1000-memory.dmp

Filesize
4KB

Download
memory/2356-40-0x000002D5C98D0000-0x000002D5C98D1000-memory.dmp

Filesize
4KB

Download
memory/2356-41-0x000002D5C98D0000-0x000002D5C98D1000-memory.dmp

Filesize
4KB

Download
memory/2356-42-0x000002D5C98D0000-0x000002D5C98D1000-memory.dmp

Filesize
4KB

Download
memory/2356-38-0x000002D5C98D0000-0x000002D5C98D1000-memory.dmp

Filesize
4KB

Download
memory/2356-31-0x000002D5C98D0000-0x000002D5C98D1000-memory.dmp

Filesize
4KB

Download
memory/2356-30-0x000002D5C98D0000-0x000002D5C98D1000-memory.dmp

Filesize
4KB

Download