Analysis
-
max time kernel
1s -
max time network
299s -
platform
windows10-1703_x64 -
resource
win10-20231215-en -
resource tags
-
submitted
08/01/2024, 04:48
General
-
Target
1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe
-
Size
1.7MB
-
MD5
ec112dd0d3616e5410e6dd1782a3687a
-
SHA1
0059fe5c1e2613907c756fe6babccf9020be15b9
-
SHA256
1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91
-
SHA512
2198744aaf4d36c539a706114afb3f60215063065ada3727b9d4b91e16130c78250fbb4d3d9459a8ce7f20e4a31169bbcf1f6ae0e1afeda14044bf5f62bbb34b
-
SSDEEP
24576:rQa+rRep38knZGbO4oFya8ZbRxaiXvnEc3Suvb7sNPwEFfTPCRi4Vz:rZ+rRe3zn4ioa8ZbRMiXO07sNPwERWV
Score
10/10
Malware Config
Signatures
-
Detect ZGRat V1 3 IoCs
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Drops file in Program Files directory 7 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
-
Runs ping.exe 1 TTPs 12 IoCs
-
Suspicious behavior: EnumeratesProcesses 63 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Users\Admin\AppData\Local\Temp\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\1TRESVL8HQ.bat"2⤵
-
C:\Windows\system32\chcp.comchcp 650013⤵
-
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:23⤵
-
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"3⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Mm147yiIR6.bat"4⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\PL6j2OtN4A.bat"6⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\xwNL0dL8Yn.bat"8⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"9⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\bGxgnDDQjz.bat"10⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"11⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\tXcZTVakCz.bat"12⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"13⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\obc5AEC9X1.bat"14⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"15⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\F0LTC0kP2O.bat"16⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"17⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\9RMekxjZd4.bat"18⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"19⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\KCzYbro9FO.bat"20⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"21⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\PL6j2OtN4A.bat"22⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"23⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Mm147yiIR6.bat"24⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"25⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\NwF62sylTc.bat"26⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"27⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\DPJyftqFqg.bat"28⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"29⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\XH0MsH7jVO.bat"30⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"31⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\iDn8Em9rir.bat"32⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"33⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\TJ33xL03Hm.bat"34⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"35⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\DPJyftqFqg.bat"36⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"37⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\sZYO5BIqkd.bat"38⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"39⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\m0aad8I0LJ.bat"40⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"41⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Z6jdsJyxgU.bat"42⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"43⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\PL6j2OtN4A.bat"44⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"45⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\PL6j2OtN4A.bat"46⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"47⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\tXcZTVakCz.bat"48⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"49⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\PL6j2OtN4A.bat"50⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"51⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\nBkS9jGYwT.bat"52⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"53⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\S8tBRk2Vgc.bat"54⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"55⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Ws9jrlB8vq.bat"56⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"57⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\OAwrWovpT0.bat"58⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"59⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\v8e4zbUuNh.bat"60⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"61⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\6sHyqWYU01.bat"62⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"63⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\sZYO5BIqkd.bat"64⤵
-
C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe"65⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\obc5AEC9X1.bat"66⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\Windows\system32\chcp.comchcp 650018⤵
-
-
-
-
-
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\7-Zip\Lang\ApplicationFrameHost.exe'2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\PolicyDefinitions\fr-FR\ApplicationFrameHost.exe'2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\WindowsRE\smss.exe'2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Photo Viewer\it-IT\1b2832866f7313c37ffa80bb3370b158dbdcb09b421be3351f3b13179f1ffc91.exe'2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Defender\fr-FR\dwm.exe'2⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost1⤵
- Runs ping.exe
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:21⤵
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\PING.EXEping -n 10 localhost1⤵
- Runs ping.exe
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\PING.EXEping -n 10 localhost2⤵
- Runs ping.exe
-
-
C:\Windows\system32\chcp.comchcp 650012⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost1⤵
- Runs ping.exe
-
C:\Windows\system32\PING.EXEping -n 10 localhost2⤵
- Runs ping.exe
-
-
C:\Windows\system32\chcp.comchcp 650012⤵
-
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:21⤵
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:21⤵
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:21⤵
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:21⤵
-
C:\Windows\system32\chcp.comchcp 650012⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost2⤵
- Runs ping.exe
-
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:21⤵
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:21⤵
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\PING.EXEping -n 10 localhost1⤵
- Runs ping.exe
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\PING.EXEping -n 10 localhost1⤵
- Runs ping.exe
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\PING.EXEping -n 10 localhost1⤵
- Runs ping.exe
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:21⤵
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:21⤵
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\PING.EXEping -n 10 localhost1⤵
- Runs ping.exe
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:21⤵
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\PING.EXEping -n 10 localhost1⤵
- Runs ping.exe
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:21⤵
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\PING.EXEping -n 10 localhost1⤵
- Runs ping.exe
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:22⤵
-
-
C:\Windows\system32\chcp.comchcp 650012⤵
-
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:21⤵
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:21⤵
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:21⤵
-
C:\Windows\system32\chcp.comchcp 650011⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:21⤵
-
C:\Windows\system32\chcp.comchcp 650011⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
179KB
MD53e545af2b1bee09f467bd4ead22ab612
SHA1f79d5ca8a88fa11a2bef143f51803cb461935c18
SHA25623774d273562b47489f863cd8e632e3b2574c8ce8fd9a28de242036ad586cda5
SHA512aed61198d6b51ae5f4ee19e95cb479865dbb97d374c3ceb4e55477a5a189f34bbf84609f5881b0a3abf791418275bada4e6ae7f9ef35dad513bd5d0824b59ef5
-
Filesize
227KB
MD51842a070a0a5a216ae62535d4340e021
SHA1f0f2654c081a6c946c055c1dba584f65c6d14817
SHA25645ce8ecb659badc5d01f00dcfc6106434c739ea12a8b1644b53da40ba7caf77f
SHA5120dfe9718cbb3b199f0ef148932116c62fd32a16afb408c24d2070b40fe6316eef02174d40656ccc6ce5049844ce1bf5c0c1cbbc16de1a4f6d3a85e873f32177e
-
Filesize
240B
MD52601aab8e58db23fbfa7b56751389710
SHA1774e5ba6f068baca6a1a0295514f0fc0ca602124
SHA2565b77e6c03d9db8ead367921212bcbff2df99f7f05f35a80e3ed6181f11351cdd
SHA512aa2996ee92af12a969b8330ce788182492ed07636787e587ebe939104c328e2fc0bf38dd349eeaa9cb8f26421a643a1addb7667c56ff91df0c5837c7ee85898c
-
Filesize
9.9MB
-
Filesize
64KB
-
Filesize
472KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
9.9MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
136KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
64KB
-
Filesize
9.9MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
9.9MB
-
Filesize
64KB
-
Filesize
9.9MB
-
Filesize
64KB
-
Filesize
9.9MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
9.9MB
-
Filesize
64KB
-
Filesize
1.8MB
-
Filesize
4KB
-
Filesize
9.9MB
-
Filesize
4KB
-
Filesize
9.9MB
-
Filesize
56KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
4KB
-
Filesize
56KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
64KB
-
Filesize
4KB