Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/08/2024, 11:06
General
-
Target
aa65483e4d8cd10c7ce8bacc309bc0b1JaffaCakes118.exe
-
Size
103KB
-
MD5
aa65483e4d8cd10c7ce8bacc309bc0b1
-
SHA1
5e4b25626f3606a6ea7669074659fb544441bf81
-
SHA256
574b02890cf382dd0571e15ae8888e80ac37124813136ea17c68491c3699e488
-
SHA512
740e226540a9dec5c75876295c80ff587d0cd4a123dedc7f77728488a706ed3bf0c39381f1ea8977e6a9e6cf3211a42f778d51e5be8c50416616d174fe8ae9a6
-
SSDEEP
1536:dl7ZhWzeiygbFdmg1h55r1JpHdXyjTqfvQi5Xz/RFnrHCLo/D+RLjajKBaMTZ+yE:dVZhAeiygbrVyjmntzTkG+RXtaMt5CUg
Score
8/10
Malware Config
Signatures
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 28 IoCs
-
Checks computer location settings 2 TTPs 29 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 28 IoCs
-
Adds Run key to start application 2 TTPs 14 IoCs
-
Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory 28 IoCs
-
Suspicious use of SetThreadContext 15 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 64 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Modifies registry class 14 IoCs
-
Runs ping.exe 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 30 IoCs
-
Suspicious use of AdjustPrivilegeToken 14 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\aa65483e4d8cd10c7ce8bacc309bc0b1JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\aa65483e4d8cd10c7ce8bacc309bc0b1JaffaCakes118.exe"1⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\aa65483e4d8cd10c7ce8bacc309bc0b1JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\aa65483e4d8cd10c7ce8bacc309bc0b1JaffaCakes118.exe"2⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\avmptr.exe"C:\Windows\system32\avmptr.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\avmptr.exe"C:\Windows\SysWOW64\avmptr.exe"4⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\avghostn.exe"C:\Windows\system32\avghostn.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\avghostn.exe"C:\Windows\SysWOW64\avghostn.exe"6⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvcmd.exe"C:\Windows\system32\avgvcmd.exe"7⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\avgvcmd.exe"C:\Windows\SysWOW64\avgvcmd.exe"8⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avrmnta.exe"C:\Windows\system32\avrmnta.exe"9⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avrmnta.exe"C:\Windows\SysWOW64\avrmnta.exe"10⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvspec.exe"C:\Windows\system32\avgvspec.exe"11⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvspec.exe"C:\Windows\SysWOW64\avgvspec.exe"12⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avmptr.exe"C:\Windows\system32\avmptr.exe"13⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avmptr.exe"C:\Windows\SysWOW64\avmptr.exe"14⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvscno.exe"C:\Windows\system32\avgvscno.exe"15⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvscno.exe"C:\Windows\SysWOW64\avgvscno.exe"16⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avmptr.exe"C:\Windows\system32\avmptr.exe"17⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avmptr.exe"C:\Windows\SysWOW64\avmptr.exe"18⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avrmnta.exe"C:\Windows\system32\avrmnta.exe"19⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avrmnta.exe"C:\Windows\SysWOW64\avrmnta.exe"20⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvsyt.exe"C:\Windows\system32\avgvsyt.exe"21⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvsyt.exe"C:\Windows\SysWOW64\avgvsyt.exe"22⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvsyt.exe"C:\Windows\system32\avgvsyt.exe"23⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\avgvsyt.exe"C:\Windows\SysWOW64\avgvsyt.exe"24⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avruncom.exe"C:\Windows\system32\avruncom.exe"25⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avruncom.exe"C:\Windows\SysWOW64\avruncom.exe"26⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avgvspec.exe"C:\Windows\system32\avgvspec.exe"27⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avgvspec.exe"C:\Windows\SysWOW64\avgvspec.exe"28⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\avruncom.exe"C:\Windows\system32\avruncom.exe"29⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\avruncom.exe"C:\Windows\SysWOW64\avruncom.exe"30⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avruncom.exe" && if exist "C:\Windows\SysWOW64\avruncom.exe" ping -n 2 0.0.0.0"30⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.031⤵
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvspec.exe > nul29⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvspec.exe" && if exist "C:\Windows\SysWOW64\avgvspec.exe" ping -n 2 0.0.0.0"28⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.029⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avruncom.exe > nul27⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avruncom.exe" && if exist "C:\Windows\SysWOW64\avruncom.exe" ping -n 2 0.0.0.0"26⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
- System Location Discovery: System Language Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.027⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvsyt.exe > nul25⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvsyt.exe" && if exist "C:\Windows\SysWOW64\avgvsyt.exe" ping -n 2 0.0.0.0"24⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.025⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvsyt.exe > nul23⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvsyt.exe" && if exist "C:\Windows\SysWOW64\avgvsyt.exe" ping -n 2 0.0.0.0"22⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.023⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avrmnta.exe > nul21⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avrmnta.exe" && if exist "C:\Windows\SysWOW64\avrmnta.exe" ping -n 2 0.0.0.0"20⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.021⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avmptr.exe > nul19⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avmptr.exe" && if exist "C:\Windows\SysWOW64\avmptr.exe" ping -n 2 0.0.0.0"18⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.019⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvscno.exe > nul17⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvscno.exe" && if exist "C:\Windows\SysWOW64\avgvscno.exe" ping -n 2 0.0.0.0"16⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.017⤵
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avmptr.exe > nul15⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avmptr.exe" && if exist "C:\Windows\SysWOW64\avmptr.exe" ping -n 2 0.0.0.0"14⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
- System Location Discovery: System Language Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.015⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvspec.exe > nul13⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvspec.exe" && if exist "C:\Windows\SysWOW64\avgvspec.exe" ping -n 2 0.0.0.0"12⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
- System Location Discovery: System Language Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.013⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avrmnta.exe > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avrmnta.exe" && if exist "C:\Windows\SysWOW64\avrmnta.exe" ping -n 2 0.0.0.0"10⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
- System Location Discovery: System Language Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
- System Location Discovery: System Language Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.011⤵
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avgvcmd.exe > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avgvcmd.exe" && if exist "C:\Windows\SysWOW64\avgvcmd.exe" ping -n 2 0.0.0.0"8⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.09⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avghostn.exe > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avghostn.exe" && if exist "C:\Windows\SysWOW64\avghostn.exe" ping -n 2 0.0.0.0"6⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.07⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\avmptr.exe > nul5⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Windows\SysWOW64\avmptr.exe" && if exist "C:\Windows\SysWOW64\avmptr.exe" ping -n 2 0.0.0.0"4⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
- System Location Discovery: System Language Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.05⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\AA6548~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "for /L %a in (1,1,30) do del "C:\Users\Admin\AppData\Local\Temp\aa65483e4d8cd10c7ce8bacc309bc0b1JaffaCakes118.exe" && if exist "C:\Users\Admin\AppData\Local\Temp\aa65483e4d8cd10c7ce8bacc309bc0b1JaffaCakes118.exe" ping -n 2 0.0.0.0"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.03⤵
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.03⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.03⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.03⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.03⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 0.0.0.03⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4412,i,1602949858158667699,12464335823361976127,262144 --variations-seed-version --mojo-platform-channel-handle=4448 /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
103KB
MD5aa65483e4d8cd10c7ce8bacc309bc0b1
SHA15e4b25626f3606a6ea7669074659fb544441bf81
SHA256574b02890cf382dd0571e15ae8888e80ac37124813136ea17c68491c3699e488
SHA512740e226540a9dec5c75876295c80ff587d0cd4a123dedc7f77728488a706ed3bf0c39381f1ea8977e6a9e6cf3211a42f778d51e5be8c50416616d174fe8ae9a6
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB