Analysis Overview
SHA256
540a9d2c26aa115b2ff9de27cc5a9dd5f2e18b3e23a2ec2d940b0b8bc046d8a3
Threat Level: Shows suspicious behavior
The file NicoVirus.rar was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks computer location settings
Sets desktop wallpaper using registry
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Runs ping.exe
Suspicious behavior: CmdExeWriteProcessMemorySpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-10 23:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 23:40
Reported
2024-06-10 23:44
Platform
win7-20240221-en
Max time kernel
210s
Max time network
123s
Command Line
Signatures
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\NicoVirus\\f.jpg" | C:\Windows\system32\reg.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Runs ping.exe
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Suspicious behavior: CmdExeWriteProcessMemorySpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\NicoVirus.rar
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\NicoVirus.rar"
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Desktop\NicoVirus\NicoVirus.bat" "
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Admin\Desktop\NicoVirus\f.jpg" /f
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"
C:\Windows\system32\cmd.exe
cmd
C:\Windows\explorer.exe
explorer
C:\Windows\system32\control.exe
control
C:\Windows\system32\calc.exe
calc
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"
C:\Windows\system32\cmd.exe
cmd
C:\Windows\explorer.exe
explorer
C:\Windows\system32\control.exe
control
C:\Windows\system32\calc.exe
calc
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"
C:\Windows\system32\cmd.exe
cmd
C:\Windows\explorer.exe
explorer
C:\Windows\system32\control.exe
control
C:\Windows\system32\calc.exe
calc
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"
C:\Windows\system32\cmd.exe
cmd
C:\Windows\explorer.exe
explorer
C:\Windows\system32\control.exe
control
C:\Windows\system32\calc.exe
calc
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"
C:\Windows\system32\cmd.exe
cmd
C:\Windows\explorer.exe
explorer
C:\Windows\system32\control.exe
control
C:\Windows\system32\calc.exe
calc
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"
C:\Windows\system32\cmd.exe
cmd
C:\Windows\explorer.exe
explorer
C:\Windows\system32\control.exe
control
C:\Windows\system32\calc.exe
calc
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"
C:\Windows\system32\cmd.exe
cmd
C:\Windows\explorer.exe
explorer
C:\Windows\system32\control.exe
control
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-918897359-336320139-69566449-742567630-592525541-113370492-1948333373-1222851187"
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
Network
Files
C:\Users\Admin\Desktop\NicoVirus\NicoVirus.bat
| MD5 | d0502e79eb346e37f4bda5d0ce2fb53a |
| SHA1 | 23d9ae0e4a7407c3a3fa420776b6db2bef6dc9e4 |
| SHA256 | 25e7c55a59d3d9fec976fc6dc401cbe6cb35bc57b9cd3e912b07551765aafdc3 |
| SHA512 | ce2bfc97a89540ae8ff8ab5bf2acd85f0d4d5206f0c35922dd6bc50b08f666f306b9f8baed755040a8b4fb4e950629e305d2e1f3647fc1d6c0d7bddf89270789 |
memory/1728-126-0x000000005FFF0000-0x0000000060000000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Office\MSO1033.acl
| MD5 | ab8b3722b43b32b80f77086bcbfcf8fc |
| SHA1 | 8a1fc3beab9199e51ee347949f4f2699892a88bb |
| SHA256 | a33948b1e10e18c2d021c4cdd1223fbb981d925e8dce6388011fba4bed2d3410 |
| SHA512 | 39988023daf46b3fda15a2df3914576ecfe4baf501b3d203f390e7f8e1d33380c5f310fe47b582c430a54e3b3142c796331010b14538fefae0a9a49d6c72ca00 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-10 23:40
Reported
2024-06-10 23:43
Platform
win10v2004-20240426-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\NicoVirus\\f.jpg" | C:\Windows\system32\reg.exe | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Runs ping.exe
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\NicoVirus.rar
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\NicoVirus.rar"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\NicoVirus\NicoVirus.bat" "
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Admin\Desktop\NicoVirus\f.jpg" /f
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
C:\Windows\system32\cmd.exe
cmd
C:\Windows\explorer.exe
explorer
C:\Windows\system32\control.exe
control
C:\Windows\system32\calc.exe
calc
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
C:\Windows\system32\cmd.exe
cmd
C:\Windows\explorer.exe
explorer
C:\Windows\system32\control.exe
control
C:\Windows\system32\calc.exe
calc
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
C:\Windows\system32\cmd.exe
cmd
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\explorer.exe
explorer
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\control.exe
control
C:\Windows\system32\calc.exe
calc
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
C:\Windows\system32\cmd.exe
cmd
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\explorer.exe
explorer
C:\Windows\system32\control.exe
control
C:\Windows\system32\calc.exe
calc
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
C:\Windows\system32\cmd.exe
cmd
C:\Windows\explorer.exe
explorer
C:\Windows\system32\control.exe
control
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
cmd
C:\Windows\explorer.exe
explorer
C:\Windows\system32\control.exe
control
C:\Windows\system32\calc.exe
calc
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
C:\Windows\system32\cmd.exe
cmd
C:\Windows\explorer.exe
explorer
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\control.exe
control
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
C:\Windows\system32\PING.EXE
ping -n 10000 localhost
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| GB | 52.109.28.47:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 97.32.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.28.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.141.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metadata.templates.cdn.office.net | udp |
| BE | 88.221.83.210:443 | metadata.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | binaries.templates.cdn.office.net | udp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.32:443 | binaries.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | 210.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.251.17.2.in-addr.arpa | udp |
Files
C:\Users\Admin\Desktop\NicoVirus\NicoVirus.bat
| MD5 | d0502e79eb346e37f4bda5d0ce2fb53a |
| SHA1 | 23d9ae0e4a7407c3a3fa420776b6db2bef6dc9e4 |
| SHA256 | 25e7c55a59d3d9fec976fc6dc401cbe6cb35bc57b9cd3e912b07551765aafdc3 |
| SHA512 | ce2bfc97a89540ae8ff8ab5bf2acd85f0d4d5206f0c35922dd6bc50b08f666f306b9f8baed755040a8b4fb4e950629e305d2e1f3647fc1d6c0d7bddf89270789 |
memory/5052-5-0x00007FF7CD3F0000-0x00007FF7CD400000-memory.dmp
memory/5052-8-0x00007FF7CD3F0000-0x00007FF7CD400000-memory.dmp
memory/5052-9-0x00007FF7CD3F0000-0x00007FF7CD400000-memory.dmp
memory/5052-7-0x00007FF7CD3F0000-0x00007FF7CD400000-memory.dmp
memory/5052-6-0x00007FF7CD3F0000-0x00007FF7CD400000-memory.dmp
memory/5052-10-0x00007FF7CB1E0000-0x00007FF7CB1F0000-memory.dmp
memory/5052-19-0x00007FF7CB1E0000-0x00007FF7CB1F0000-memory.dmp
memory/4156-32-0x00007FF7CD3F0000-0x00007FF7CD400000-memory.dmp
memory/4156-31-0x00007FF7CD3F0000-0x00007FF7CD400000-memory.dmp
memory/4156-34-0x00007FF7CD3F0000-0x00007FF7CD400000-memory.dmp
memory/4156-33-0x00007FF7CD3F0000-0x00007FF7CD400000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TCD735D.tmp\iso690.xsl
| MD5 | ff0e07eff1333cdf9fc2523d323dd654 |
| SHA1 | 77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4 |
| SHA256 | 3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5 |
| SHA512 | b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d |