Malware Analysis Report

2025-01-03 08:32

Sample ID 240610-3n8zzswckj
Target NicoVirus.rar
SHA256 540a9d2c26aa115b2ff9de27cc5a9dd5f2e18b3e23a2ec2d940b0b8bc046d8a3
Tags
ransomware
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

540a9d2c26aa115b2ff9de27cc5a9dd5f2e18b3e23a2ec2d940b0b8bc046d8a3

Threat Level: Shows suspicious behavior

The file NicoVirus.rar was found to be: Shows suspicious behavior.

Malicious Activity Summary

ransomware

Checks computer location settings

Sets desktop wallpaper using registry

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Runs ping.exe

Suspicious behavior: CmdExeWriteProcessMemorySpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-10 23:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 23:40

Reported

2024-06-10 23:44

Platform

win7-20240221-en

Max time kernel

210s

Max time network

123s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\NicoVirus.rar

Signatures

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\NicoVirus\\f.jpg" C:\Windows\system32\reg.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1284 wrote to memory of 2668 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 1004 wrote to memory of 572 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1004 wrote to memory of 1552 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe
PID 1004 wrote to memory of 1728 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
PID 1004 wrote to memory of 2188 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1004 wrote to memory of 920 N/A C:\Windows\system32\cmd.exe C:\Windows\explorer.exe
PID 1004 wrote to memory of 1608 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\control.exe
PID 1004 wrote to memory of 2492 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\calc.exe
PID 1004 wrote to memory of 1984 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
PID 1004 wrote to memory of 2636 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1004 wrote to memory of 2372 N/A C:\Windows\system32\cmd.exe C:\Windows\explorer.exe
PID 1004 wrote to memory of 1920 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\control.exe
PID 1004 wrote to memory of 2216 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\calc.exe
PID 1004 wrote to memory of 2104 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
PID 1004 wrote to memory of 1948 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1004 wrote to memory of 2064 N/A C:\Windows\system32\cmd.exe C:\Windows\explorer.exe
PID 1004 wrote to memory of 608 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\control.exe
PID 1004 wrote to memory of 1532 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\calc.exe
PID 1004 wrote to memory of 2520 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
PID 1004 wrote to memory of 1444 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\NicoVirus.rar

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\NicoVirus.rar"

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\Desktop\NicoVirus\NicoVirus.bat" "

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Admin\Desktop\NicoVirus\f.jpg" /f

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"

C:\Windows\system32\cmd.exe

cmd

C:\Windows\explorer.exe

explorer

C:\Windows\system32\control.exe

control

C:\Windows\system32\calc.exe

calc

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-918897359-336320139-69566449-742567630-592525541-113370492-1948333373-1222851187"

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

Network

N/A

Files

C:\Users\Admin\Desktop\NicoVirus\NicoVirus.bat

MD5 d0502e79eb346e37f4bda5d0ce2fb53a
SHA1 23d9ae0e4a7407c3a3fa420776b6db2bef6dc9e4
SHA256 25e7c55a59d3d9fec976fc6dc401cbe6cb35bc57b9cd3e912b07551765aafdc3
SHA512 ce2bfc97a89540ae8ff8ab5bf2acd85f0d4d5206f0c35922dd6bc50b08f666f306b9f8baed755040a8b4fb4e950629e305d2e1f3647fc1d6c0d7bddf89270789

memory/1728-126-0x000000005FFF0000-0x0000000060000000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Office\MSO1033.acl

MD5 ab8b3722b43b32b80f77086bcbfcf8fc
SHA1 8a1fc3beab9199e51ee347949f4f2699892a88bb
SHA256 a33948b1e10e18c2d021c4cdd1223fbb981d925e8dce6388011fba4bed2d3410
SHA512 39988023daf46b3fda15a2df3914576ecfe4baf501b3d203f390e7f8e1d33380c5f310fe47b582c430a54e3b3142c796331010b14538fefae0a9a49d6c72ca00

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 23:40

Reported

2024-06-10 23:43

Platform

win10v2004-20240426-en

Max time kernel

147s

Max time network

150s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\NicoVirus.rar

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation C:\Windows\system32\cmd.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\NicoVirus\\f.jpg" C:\Windows\system32\reg.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\NicoVirus.rar

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\NicoVirus.rar"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\NicoVirus\NicoVirus.bat" "

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Admin\Desktop\NicoVirus\f.jpg" /f

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"

C:\Windows\system32\cmd.exe

cmd

C:\Windows\explorer.exe

explorer

C:\Windows\system32\control.exe

control

C:\Windows\system32\calc.exe

calc

C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"

C:\Windows\system32\cmd.exe

cmd

C:\Windows\explorer.exe

explorer

C:\Windows\system32\control.exe

control

C:\Windows\system32\calc.exe

calc

C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\system32\cmd.exe

cmd

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\explorer.exe

explorer

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\control.exe

control

C:\Windows\system32\calc.exe

calc

C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"

C:\Windows\system32\cmd.exe

cmd

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\explorer.exe

explorer

C:\Windows\system32\control.exe

control

C:\Windows\system32\calc.exe

calc

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"

C:\Windows\system32\cmd.exe

cmd

C:\Windows\explorer.exe

explorer

C:\Windows\system32\control.exe

control

C:\Windows\system32\calc.exe

calc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\cmd.exe

cmd

C:\Windows\explorer.exe

explorer

C:\Windows\system32\control.exe

control

C:\Windows\system32\calc.exe

calc

C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"

C:\Windows\system32\cmd.exe

cmd

C:\Windows\explorer.exe

explorer

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\control.exe

control

C:\Windows\system32\calc.exe

calc

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

C:\Windows\system32\PING.EXE

ping -n 10000 localhost

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 roaming.officeapps.live.com udp
GB 52.109.28.47:443 roaming.officeapps.live.com tcp
US 8.8.8.8:53 97.32.109.52.in-addr.arpa udp
US 8.8.8.8:53 47.28.109.52.in-addr.arpa udp
US 8.8.8.8:53 63.141.182.52.in-addr.arpa udp
US 8.8.8.8:53 metadata.templates.cdn.office.net udp
BE 88.221.83.210:443 metadata.templates.cdn.office.net tcp
US 8.8.8.8:53 binaries.templates.cdn.office.net udp
US 2.17.251.32:443 binaries.templates.cdn.office.net tcp
US 8.8.8.8:53 210.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 32.251.17.2.in-addr.arpa udp

Files

C:\Users\Admin\Desktop\NicoVirus\NicoVirus.bat

MD5 d0502e79eb346e37f4bda5d0ce2fb53a
SHA1 23d9ae0e4a7407c3a3fa420776b6db2bef6dc9e4
SHA256 25e7c55a59d3d9fec976fc6dc401cbe6cb35bc57b9cd3e912b07551765aafdc3
SHA512 ce2bfc97a89540ae8ff8ab5bf2acd85f0d4d5206f0c35922dd6bc50b08f666f306b9f8baed755040a8b4fb4e950629e305d2e1f3647fc1d6c0d7bddf89270789

C:\Users\Admin\AppData\Local\Temp\TCD735D.tmp\iso690.xsl

MD5 ff0e07eff1333cdf9fc2523d323dd654
SHA1 77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4
SHA256 3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5
SHA512 b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d