Analysis
-
max time kernel
162s -
max time network
261s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
16/08/2024, 16:52
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://google.com
Resource
win10-20240404-en
11 signatures
1800 seconds
General
-
Target
https://google.com
Score
3/10
Malware Config
Signatures
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 64 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid Process 9220 Process not Found 25568 Process not Found 8544 PING.EXE 29232 Process not Found 3012 PING.EXE 13980 Process not Found 27932 Process not Found 8108 PING.EXE 16900 PING.EXE 9980 PING.EXE 3064 Process not Found 13424 PING.EXE 24024 Process not Found 7572 PING.EXE 26832 Process not Found 29320 Process not Found 5976 Process not Found 7248 Process not Found 2260 Process not Found 22500 Process not Found 20360 Process not Found 24916 Process not Found 24044 Process not Found 13444 Process not Found 11044 Process not Found 23972 Process not Found 5660 Process not Found 8548 Process not Found 22560 Process not Found 15804 PING.EXE 24012 Process not Found 20500 Process not Found 8444 Process not Found 10616 PING.EXE 5160 PING.EXE 14740 PING.EXE 26608 Process not Found 14632 Process not Found 8860 Process not Found 14132 Process not Found 24848 PING.EXE 25024 PING.EXE 9504 PING.EXE 4396 Process not Found 29436 Process not Found 10920 Process not Found 12932 Process not Found 19928 PING.EXE 17384 PING.EXE 8424 Process not Found 10380 Process not Found 20984 PING.EXE 22144 Process not Found 4328 PING.EXE 7456 Process not Found 21896 Process not Found 28532 Process not Found 9708 PING.EXE 10368 PING.EXE 6708 PING.EXE 15832 Process not Found 24068 Process not Found 25252 Process not Found 10348 PING.EXE -
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings firefox.exe -
Opens file in notepad (likely ransom note) 1 IoCs
pid Process 2252 NOTEPAD.EXE -
Runs ping.exe 1 TTPs 64 IoCs
pid Process 23996 PING.EXE 6800 Process not Found 15636 Process not Found 8504 Process not Found 23684 Process not Found 13720 PING.EXE 2968 PING.EXE 6296 PING.EXE 17488 Process not Found 20580 Process not Found 5168 Process not Found 18548 Process not Found 7096 Process not Found 19928 PING.EXE 23668 PING.EXE 18556 PING.EXE 18872 Process not Found 15460 Process not Found 19676 PING.EXE 14656 PING.EXE 19116 Process not Found 1312 Process not Found 26400 Process not Found 8896 Process not Found 3580 Process not Found 27888 Process not Found 28252 Process not Found 12272 PING.EXE 28092 Process not Found 6296 Process not Found 8468 PING.EXE 19164 PING.EXE 20996 PING.EXE 17292 Process not Found 26092 Process not Found 8436 Process not Found 14212 Process not Found 22752 Process not Found 9372 Process not Found 14812 Process not Found 5956 PING.EXE 16792 PING.EXE 11920 Process not Found 24044 Process not Found 5884 PING.EXE 964 PING.EXE 16716 PING.EXE 19704 Process not Found 19588 Process not Found 24824 Process not Found 14404 Process not Found 23756 Process not Found 27172 Process not Found 12072 Process not Found 4724 PING.EXE 18384 PING.EXE 20812 Process not Found 21500 Process not Found 29320 Process not Found 11728 PING.EXE 29544 Process not Found 19020 PING.EXE 28328 Process not Found 19788 PING.EXE -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 4612 firefox.exe Token: SeDebugPrivilege 4612 firefox.exe -
Suspicious use of FindShellTrayWindow 4 IoCs
pid Process 4612 firefox.exe 4612 firefox.exe 4612 firefox.exe 4612 firefox.exe -
Suspicious use of SendNotifyMessage 3 IoCs
pid Process 4612 firefox.exe 4612 firefox.exe 4612 firefox.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 4612 firefox.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3444 wrote to memory of 4612 3444 firefox.exe 75 PID 3444 wrote to memory of 4612 3444 firefox.exe 75 PID 3444 wrote to memory of 4612 3444 firefox.exe 75 PID 3444 wrote to memory of 4612 3444 firefox.exe 75 PID 3444 wrote to memory of 4612 3444 firefox.exe 75 PID 3444 wrote to memory of 4612 3444 firefox.exe 75 PID 3444 wrote to memory of 4612 3444 firefox.exe 75 PID 3444 wrote to memory of 4612 3444 firefox.exe 75 PID 3444 wrote to memory of 4612 3444 firefox.exe 75 PID 3444 wrote to memory of 4612 3444 firefox.exe 75 PID 3444 wrote to memory of 4612 3444 firefox.exe 75 PID 4612 wrote to memory of 4564 4612 firefox.exe 76 PID 4612 wrote to memory of 4564 4612 firefox.exe 76 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 4960 4612 firefox.exe 77 PID 4612 wrote to memory of 5032 4612 firefox.exe 78 PID 4612 wrote to memory of 5032 4612 firefox.exe 78 PID 4612 wrote to memory of 5032 4612 firefox.exe 78 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://google.com"1⤵
- Suspicious use of WriteProcessMemory
PID:3444 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://google.com2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4612 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.0.894058985\1752081585" -parentBuildID 20221007134813 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f75914ec-0e83-40d8-9dac-97c45a959b92} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 1772 1fbca0ef858 gpu3⤵PID:4564
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.1.1015039063\1884960910" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a95ee0f5-0778-4831-a020-8b74571cebc9} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 2140 1fbca004458 socket3⤵
- Checks processor information in registry
PID:4960
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.2.1947333425\2121169125" -childID 1 -isForBrowser -prefsHandle 2812 -prefMapHandle 2788 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aff4be44-4d6c-4209-9714-31ab27adb23f} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 2996 1fbcded8258 tab3⤵PID:5032
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.3.1638844396\1023674866" -childID 2 -isForBrowser -prefsHandle 3568 -prefMapHandle 3564 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bee7602-d0f3-4019-920d-1234ead7896b} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 3580 1fbbf061058 tab3⤵PID:664
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.4.40831341\1637787463" -childID 3 -isForBrowser -prefsHandle 4776 -prefMapHandle 4772 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7b44649-91b1-4364-9c57-2349efd9dec9} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 4788 1fbd06a7058 tab3⤵PID:4140
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.5.908613082\516883418" -childID 4 -isForBrowser -prefsHandle 4928 -prefMapHandle 4932 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0105e913-b089-43ec-b732-26ab78f0ee43} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 4920 1fbd06a8e58 tab3⤵PID:4136
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.6.2020591663\1455326771" -childID 5 -isForBrowser -prefsHandle 5092 -prefMapHandle 5096 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c025b60-9cea-4dd4-a829-b58912fc55fa} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 4696 1fbd0714b58 tab3⤵PID:2348
-
-
-
C:\Windows\System32\NOTEPAD.EXE"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ddso.bat1⤵
- Opens file in notepad (likely ransom note)
PID:2252
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\ddso.bat" "1⤵PID:4340
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat2⤵PID:4740
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat3⤵PID:3224
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat4⤵PID:4348
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat5⤵PID:3088
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat6⤵PID:2724
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat7⤵PID:3968
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat8⤵PID:4660
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat9⤵PID:4544
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat10⤵PID:1296
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat11⤵PID:3564
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat12⤵PID:2296
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat13⤵PID:2776
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat14⤵PID:4148
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat15⤵PID:4332
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat16⤵PID:5084
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat17⤵PID:4608
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat18⤵PID:1968
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat19⤵PID:4840
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat20⤵PID:4296
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat21⤵PID:3616
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat22⤵PID:4216
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat23⤵PID:5124
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat24⤵PID:5192
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat25⤵PID:5260
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat26⤵PID:5328
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat27⤵PID:5396
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat28⤵PID:5464
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat29⤵PID:5532
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat30⤵PID:5600
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat31⤵PID:5668
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat32⤵PID:5736
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat33⤵PID:5804
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat34⤵PID:5872
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat35⤵PID:5940
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat36⤵PID:6008
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat37⤵PID:6076
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat38⤵PID:5136
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat39⤵PID:5748
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat40⤵PID:6188
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat41⤵PID:6256
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat42⤵PID:6324
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat43⤵PID:6392
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat44⤵PID:6460
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat45⤵PID:6528
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat46⤵PID:6596
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat47⤵PID:6664
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat48⤵PID:6732
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat49⤵PID:6804
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat50⤵PID:6884
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat51⤵PID:6968
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat52⤵PID:7036
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat53⤵PID:7104
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat54⤵PID:6200
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat55⤵PID:6952
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat56⤵PID:7224
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat57⤵PID:7292
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat58⤵PID:7360
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat59⤵PID:7428
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat60⤵PID:7496
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat61⤵PID:7564
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat62⤵PID:7876
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat63⤵PID:7944
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat64⤵PID:8012
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat65⤵PID:8080
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat66⤵PID:8148
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat67⤵PID:7584
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat68⤵PID:8236
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat69⤵PID:8304
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat70⤵PID:8372
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat71⤵PID:8440
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat72⤵PID:8508
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat73⤵PID:8576
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat74⤵PID:8644
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat75⤵PID:8712
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat76⤵PID:8780
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat77⤵PID:8852
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat78⤵PID:8920
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat79⤵PID:8988
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat80⤵PID:9056
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat81⤵PID:9124
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat82⤵PID:9192
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat83⤵PID:8932
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat84⤵PID:9264
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat85⤵PID:9332
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat86⤵PID:9400
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat87⤵PID:9468
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat88⤵PID:9536
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat89⤵PID:9604
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat90⤵PID:9672
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat91⤵PID:9740
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat92⤵PID:9808
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat93⤵PID:9876
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat94⤵PID:9944
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat95⤵PID:10012
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat96⤵PID:10080
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat97⤵PID:10148
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat98⤵PID:10216
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat99⤵PID:9956
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat100⤵PID:1036
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat101⤵PID:10312
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat102⤵PID:10380
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat103⤵PID:10448
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat104⤵PID:10516
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat105⤵PID:10584
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat106⤵PID:10652
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat107⤵PID:10720
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat108⤵PID:10788
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat109⤵PID:10856
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat110⤵PID:10924
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat111⤵PID:10992
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat112⤵PID:11064
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat113⤵PID:11132
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat114⤵PID:11200
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat115⤵PID:10244
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat116⤵PID:10324
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat117⤵PID:10528
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat118⤵PID:11004
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat119⤵PID:3804
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat120⤵PID:11284
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat121⤵PID:11352
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K ddso.bat122⤵PID:11420
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-