Analysis
-
max time kernel
98s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
19/07/2024, 17:50
General
-
Target
5d02c2dbc14460660b0d3dd2509f078a_JaffaCakes118.exe
-
Size
91KB
-
MD5
5d02c2dbc14460660b0d3dd2509f078a
-
SHA1
2148d0c47021bfd9c601d415816202dd36f14a1a
-
SHA256
85d49ac2051c839d3df8b3724c74cc41cc198bc380f626af3287480a0a830b18
-
SHA512
676eccb27680a62247bd984be2d948b5b50e0b9e589eb145276494044160e212419d8ea50127038865f5483528f80afd9fc8344e495a1cf12a769adb30a00174
-
SSDEEP
1536:WHQt5bZFFb09ksiH/WFDmsN349sRMXFmX2Ae9noySYcJHiA:Ldb0910sB49VMHN
Score
8/10
Malware Config
Signatures
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 64 IoCs
-
Checks computer location settings 2 TTPs 64 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 64 IoCs
-
Adds Run key to start application 2 TTPs 60 IoCs
-
Drops file in System32 directory 64 IoCs
-
Suspicious use of SetThreadContext 60 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 60 IoCs
-
Runs ping.exe 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 59 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5d02c2dbc14460660b0d3dd2509f078a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5d02c2dbc14460660b0d3dd2509f078a_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5d02c2dbc14460660b0d3dd2509f078a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5d02c2dbc14460660b0d3dd2509f078a_JaffaCakes118.exe"2⤵
- Checks computer location settings
- Adds Run key to start application
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\avsysdb.exe"C:\Windows\system32\avsysdb.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\avsysdb.exe"C:\Windows\SysWOW64\avsysdb.exe"4⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\avgvcmd.exe"C:\Windows\system32\avgvcmd.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\avgvcmd.exe"C:\Windows\SysWOW64\avgvcmd.exe"6⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\avscpd.exe"C:\Windows\system32\avscpd.exe"7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avscpd.exe"C:\Windows\SysWOW64\avscpd.exe"8⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvsca.exe"C:\Windows\system32\avgvsca.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvsca.exe"C:\Windows\SysWOW64\avgvsca.exe"10⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avmgsec.exe"C:\Windows\system32\avmgsec.exe"11⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avmgsec.exe"C:\Windows\SysWOW64\avmgsec.exe"12⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avghsta.exe"C:\Windows\system32\avghsta.exe"13⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avghsta.exe"C:\Windows\SysWOW64\avghsta.exe"14⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avsysdb.exe"C:\Windows\system32\avsysdb.exe"15⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avsysdb.exe"C:\Windows\SysWOW64\avsysdb.exe"16⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avrmnta.exe"C:\Windows\system32\avrmnta.exe"17⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avrmnta.exe"C:\Windows\SysWOW64\avrmnta.exe"18⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avghsta.exe"C:\Windows\system32\avghsta.exe"19⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avghsta.exe"C:\Windows\SysWOW64\avghsta.exe"20⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvcnt.exe"C:\Windows\system32\avgvcnt.exe"21⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvcnt.exe"C:\Windows\SysWOW64\avgvcnt.exe"22⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvcmd.exe"C:\Windows\system32\avgvcmd.exe"23⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvcmd.exe"C:\Windows\SysWOW64\avgvcmd.exe"24⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvmain.exe"C:\Windows\system32\avgvmain.exe"25⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvmain.exe"C:\Windows\SysWOW64\avgvmain.exe"26⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvmgr.exe"C:\Windows\system32\avgvmgr.exe"27⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvmgr.exe"C:\Windows\SysWOW64\avgvmgr.exe"28⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvcnt.exe"C:\Windows\system32\avgvcnt.exe"29⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvcnt.exe"C:\Windows\SysWOW64\avgvcnt.exe"30⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvsm.exe"C:\Windows\system32\avgvsm.exe"31⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvsm.exe"C:\Windows\SysWOW64\avgvsm.exe"32⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvsca.exe"C:\Windows\system32\avgvsca.exe"33⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvsca.exe"C:\Windows\SysWOW64\avgvsca.exe"34⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avsysdb.exe"C:\Windows\system32\avsysdb.exe"35⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avsysdb.exe"C:\Windows\SysWOW64\avsysdb.exe"36⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avmgsec.exe"C:\Windows\system32\avmgsec.exe"37⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avmgsec.exe"C:\Windows\SysWOW64\avmgsec.exe"38⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avmptr.exe"C:\Windows\system32\avmptr.exe"39⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avmptr.exe"C:\Windows\SysWOW64\avmptr.exe"40⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvsca.exe"C:\Windows\system32\avgvsca.exe"41⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvsca.exe"C:\Windows\SysWOW64\avgvsca.exe"42⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avrmnta.exe"C:\Windows\system32\avrmnta.exe"43⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avrmnta.exe"C:\Windows\SysWOW64\avrmnta.exe"44⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvmgr.exe"C:\Windows\system32\avgvmgr.exe"45⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvmgr.exe"C:\Windows\SysWOW64\avgvmgr.exe"46⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvspc.exe"C:\Windows\system32\avgvspc.exe"47⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvspc.exe"C:\Windows\SysWOW64\avgvspc.exe"48⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvrnd.exe"C:\Windows\system32\avgvrnd.exe"49⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvrnd.exe"C:\Windows\SysWOW64\avgvrnd.exe"50⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvmain.exe"C:\Windows\system32\avgvmain.exe"51⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvmain.exe"C:\Windows\SysWOW64\avgvmain.exe"52⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvmgr.exe"C:\Windows\system32\avgvmgr.exe"53⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvmgr.exe"C:\Windows\SysWOW64\avgvmgr.exe"54⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvmgr.exe"C:\Windows\system32\avgvmgr.exe"55⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvmgr.exe"C:\Windows\SysWOW64\avgvmgr.exe"56⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvcnt.exe"C:\Windows\system32\avgvcnt.exe"57⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvcnt.exe"C:\Windows\SysWOW64\avgvcnt.exe"58⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvcmd.exe"C:\Windows\system32\avgvcmd.exe"59⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvcmd.exe"C:\Windows\SysWOW64\avgvcmd.exe"60⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avscpd.exe"C:\Windows\system32\avscpd.exe"61⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avscpd.exe"C:\Windows\SysWOW64\avscpd.exe"62⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avscang.exe"C:\Windows\system32\avscang.exe"63⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avscang.exe"C:\Windows\SysWOW64\avscang.exe"64⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvcmd.exe"C:\Windows\system32\avgvcmd.exe"65⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvcmd.exe"C:\Windows\SysWOW64\avgvcmd.exe"66⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvmain.exe"C:\Windows\system32\avgvmain.exe"67⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvmain.exe"C:\Windows\SysWOW64\avgvmain.exe"68⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avruncm.exe"C:\Windows\system32\avruncm.exe"69⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avruncm.exe"C:\Windows\SysWOW64\avruncm.exe"70⤵
- Event Triggered Execution: Image File Execution Options Injection
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avruncm.exe"C:\Windows\system32\avruncm.exe"71⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avruncm.exe"C:\Windows\SysWOW64\avruncm.exe"72⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avghsta.exe"C:\Windows\system32\avghsta.exe"73⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avghsta.exe"C:\Windows\SysWOW64\avghsta.exe"74⤵
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avghsta.exe"C:\Windows\system32\avghsta.exe"75⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avghsta.exe"C:\Windows\SysWOW64\avghsta.exe"76⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvspc.exe"C:\Windows\system32\avgvspc.exe"77⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvspc.exe"C:\Windows\SysWOW64\avgvspc.exe"78⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avscang.exe"C:\Windows\system32\avscang.exe"79⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avscang.exe"C:\Windows\SysWOW64\avscang.exe"80⤵
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avscang.exe" && if exist "C:\Windows\SysWOW64\avscang.exe" ping -n 2 0.0.0.0"80⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvspc.exe > nul79⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvspc.exe" && if exist "C:\Windows\SysWOW64\avgvspc.exe" ping -n 2 0.0.0.0"78⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.079⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.079⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avghsta.exe > nul77⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avghsta.exe" && if exist "C:\Windows\SysWOW64\avghsta.exe" ping -n 2 0.0.0.0"76⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV177⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.077⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.077⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.077⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avghsta.exe > nul75⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avghsta.exe" && if exist "C:\Windows\SysWOW64\avghsta.exe" ping -n 2 0.0.0.0"74⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.075⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.075⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.075⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.075⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.075⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avruncm.exe > nul73⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV174⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avruncm.exe" && if exist "C:\Windows\SysWOW64\avruncm.exe" ping -n 2 0.0.0.0"72⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV173⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.073⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.073⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.073⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.073⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.073⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.073⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avruncm.exe > nul71⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV172⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avruncm.exe" && if exist "C:\Windows\SysWOW64\avruncm.exe" ping -n 2 0.0.0.0"70⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV171⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.071⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.071⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.071⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.071⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.071⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.071⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.071⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.071⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvmain.exe > nul69⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvmain.exe" && if exist "C:\Windows\SysWOW64\avgvmain.exe" ping -n 2 0.0.0.0"68⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.069⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.069⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.069⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.069⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.069⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.069⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.069⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.069⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.069⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvcmd.exe > nul67⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvcmd.exe" && if exist "C:\Windows\SysWOW64\avgvcmd.exe" ping -n 2 0.0.0.0"66⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.067⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.067⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.067⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.067⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.067⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.067⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.067⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.067⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.067⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.067⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.067⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avscang.exe > nul65⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV166⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avscang.exe" && if exist "C:\Windows\SysWOW64\avscang.exe" ping -n 2 0.0.0.0"64⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV165⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.065⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.065⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.065⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.065⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.065⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.065⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.065⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.065⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.065⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.065⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.065⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.065⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avscpd.exe > nul63⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avscpd.exe" && if exist "C:\Windows\SysWOW64\avscpd.exe" ping -n 2 0.0.0.0"62⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.063⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.063⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.063⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.063⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.063⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.063⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.063⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.063⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.063⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.063⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.063⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.063⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.063⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvcmd.exe > nul61⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvcmd.exe" && if exist "C:\Windows\SysWOW64\avgvcmd.exe" ping -n 2 0.0.0.0"60⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV161⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.061⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.061⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.061⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.061⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.061⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.061⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.061⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.061⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.061⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.061⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.061⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.061⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.061⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.061⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.061⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvcnt.exe > nul59⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvcnt.exe" && if exist "C:\Windows\SysWOW64\avgvcnt.exe" ping -n 2 0.0.0.0"58⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.059⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.059⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.059⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.059⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.059⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.059⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.059⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.059⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.059⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.059⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.059⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.059⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.059⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.059⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.059⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.059⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvmgr.exe > nul57⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvmgr.exe" && if exist "C:\Windows\SysWOW64\avgvmgr.exe" ping -n 2 0.0.0.0"56⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.057⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.057⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.057⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.057⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.057⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.057⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.057⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.057⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.057⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.057⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.057⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.057⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.057⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.057⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.057⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.057⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.057⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.057⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvmgr.exe > nul55⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvmgr.exe" && if exist "C:\Windows\SysWOW64\avgvmgr.exe" ping -n 2 0.0.0.0"54⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.055⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.055⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.055⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.055⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.055⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.055⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.055⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.055⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.055⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.055⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.055⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.055⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.055⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.055⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.055⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.055⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.055⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.055⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.055⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvmain.exe > nul53⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvmain.exe" && if exist "C:\Windows\SysWOW64\avgvmain.exe" ping -n 2 0.0.0.0"52⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV153⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.053⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvrnd.exe > nul51⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvrnd.exe" && if exist "C:\Windows\SysWOW64\avgvrnd.exe" ping -n 2 0.0.0.0"50⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.051⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvspc.exe > nul49⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvspc.exe" && if exist "C:\Windows\SysWOW64\avgvspc.exe" ping -n 2 0.0.0.0"48⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.049⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvmgr.exe > nul47⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvmgr.exe" && if exist "C:\Windows\SysWOW64\avgvmgr.exe" ping -n 2 0.0.0.0"46⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.047⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avrmnta.exe > nul45⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avrmnta.exe" && if exist "C:\Windows\SysWOW64\avrmnta.exe" ping -n 2 0.0.0.0"44⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.045⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvsca.exe > nul43⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvsca.exe" && if exist "C:\Windows\SysWOW64\avgvsca.exe" ping -n 2 0.0.0.0"42⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.043⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avmptr.exe > nul41⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avmptr.exe" && if exist "C:\Windows\SysWOW64\avmptr.exe" ping -n 2 0.0.0.0"40⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.041⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avmgsec.exe > nul39⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avmgsec.exe" && if exist "C:\Windows\SysWOW64\avmgsec.exe" ping -n 2 0.0.0.0"38⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV139⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.039⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avsysdb.exe > nul37⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avsysdb.exe" && if exist "C:\Windows\SysWOW64\avsysdb.exe" ping -n 2 0.0.0.0"36⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV137⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.037⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvsca.exe > nul35⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvsca.exe" && if exist "C:\Windows\SysWOW64\avgvsca.exe" ping -n 2 0.0.0.0"34⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.035⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvsm.exe > nul33⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvsm.exe" && if exist "C:\Windows\SysWOW64\avgvsm.exe" ping -n 2 0.0.0.0"32⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.033⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvcnt.exe > nul31⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvcnt.exe" && if exist "C:\Windows\SysWOW64\avgvcnt.exe" ping -n 2 0.0.0.0"30⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvmgr.exe > nul29⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvmgr.exe" && if exist "C:\Windows\SysWOW64\avgvmgr.exe" ping -n 2 0.0.0.0"28⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvmain.exe > nul27⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvmain.exe" && if exist "C:\Windows\SysWOW64\avgvmain.exe" ping -n 2 0.0.0.0"26⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvcmd.exe > nul25⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvcmd.exe" && if exist "C:\Windows\SysWOW64\avgvcmd.exe" ping -n 2 0.0.0.0"24⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvcnt.exe > nul23⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvcnt.exe" && if exist "C:\Windows\SysWOW64\avgvcnt.exe" ping -n 2 0.0.0.0"22⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avghsta.exe > nul21⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avghsta.exe" && if exist "C:\Windows\SysWOW64\avghsta.exe" ping -n 2 0.0.0.0"20⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avrmnta.exe > nul19⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avrmnta.exe" && if exist "C:\Windows\SysWOW64\avrmnta.exe" ping -n 2 0.0.0.0"18⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avsysdb.exe > nul17⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avsysdb.exe" && if exist "C:\Windows\SysWOW64\avsysdb.exe" ping -n 2 0.0.0.0"16⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avghsta.exe > nul15⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avghsta.exe" && if exist "C:\Windows\SysWOW64\avghsta.exe" ping -n 2 0.0.0.0"14⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avmgsec.exe > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avmgsec.exe" && if exist "C:\Windows\SysWOW64\avmgsec.exe" ping -n 2 0.0.0.0"12⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvsca.exe > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvsca.exe" && if exist "C:\Windows\SysWOW64\avgvsca.exe" ping -n 2 0.0.0.0"10⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avscpd.exe > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avscpd.exe" && if exist "C:\Windows\SysWOW64\avscpd.exe" ping -n 2 0.0.0.0"8⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvcmd.exe > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvcmd.exe" && if exist "C:\Windows\SysWOW64\avgvcmd.exe" ping -n 2 0.0.0.0"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avsysdb.exe > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avsysdb.exe" && if exist "C:\Windows\SysWOW64\avsysdb.exe" ping -n 2 0.0.0.0"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\5D02C2~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Users\Admin\AppData\Local\Temp\5d02c2dbc14460660b0d3dd2509f078a_JaffaCakes118.exe" && if exist "C:\Users\Admin\AppData\Local\Temp\5d02c2dbc14460660b0d3dd2509f078a_JaffaCakes118.exe" ping -n 2 0.0.0.0"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.03⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.03⤵
-
-
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
91KB
MD55d02c2dbc14460660b0d3dd2509f078a
SHA12148d0c47021bfd9c601d415816202dd36f14a1a
SHA25685d49ac2051c839d3df8b3724c74cc41cc198bc380f626af3287480a0a830b18
SHA512676eccb27680a62247bd984be2d948b5b50e0b9e589eb145276494044160e212419d8ea50127038865f5483528f80afd9fc8344e495a1cf12a769adb30a00174
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB